Vulnerability Description
Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to another table they want to query, the query changes from `password` to `t1.password`. `password` is protected by filtering protections but `t1.password` is not protected. This can lead to filtering attacks on everything related to the object again, including admin passwords and reset-tokens. Version 4.10.8 fixes this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strapi | Strapi | < 4.10.8 |
Related Weaknesses (CWE)
References
- https://github.com/strapi/strapi/releases/tag/v4.10.8Release Notes
- https://github.com/strapi/strapi/security/advisories/GHSA-9xg4-3qfm-9w8fExploitVendor Advisory
- https://github.com/strapi/strapi/releases/tag/v4.10.8Release Notes
- https://github.com/strapi/strapi/security/advisories/GHSA-9xg4-3qfm-9w8fExploitVendor Advisory
FAQ
What is CVE-2023-34235?
CVE-2023-34235 is a vulnerability with a CVSS score of 8.6 (HIGH). Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change th...
How severe is CVE-2023-34235?
CVE-2023-34235 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-34235?
Check the references section above for vendor advisories and patch information. Affected products include: Strapi Strapi.