Headline
GHSA-4phg-hpqm-c3j4: Strapi mishandles hidden attributes within admin API responses
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
Strapi mishandles hidden attributes within admin API responses
Moderate severity GitHub Reviewed Published Sep 28, 2022 • Updated Sep 30, 2022
Related news
CVE-2022-31367: Release v4.1.10 · strapi/strapi
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.