{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-31T16:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/strapi/strapi/pull/4636"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bittherapy.net/post/strapi-framework-remote-code-execution/", "refsource": "MISC", "url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"}, {"name": "https://github.com/strapi/strapi/pull/4636", "refsource": "MISC", "url": "https://github.com/strapi/strapi/pull/4636"}, {"name": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"}, {"name": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:25:11.498Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/strapi/strapi/pull/4636"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19609", "datePublished": "2019-12-05T19:44:28", "dateReserved": "2019-12-05T00:00:00", "dateUpdated": "2024-08-05T02:25:11.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97983D3-FFBA-485E-8496-6489A9074853", "versionEndIncluding": "1.6.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1:*:*:*:*:*:*", "matchCriteriaId": "3E72C7A0-197D-4324-BBB4-663223C52C7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2:*:*:*:*:*:*", "matchCriteriaId": "954FDA03-9914-42DC-9AF0-81CB69BD0442", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3:*:*:*:*:*:*", "matchCriteriaId": "7B4D7C63-F071-4572-BD81-65ABCA693A8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11:*:*:*:*:*:*", "matchCriteriaId": "003189F7-77BD-416F-A253-C808E7E38A11", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1:*:*:*:*:*:*", "matchCriteriaId": "A1DDFD47-7C0A-447F-9A34-F7690B28A4B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2:*:*:*:*:*:*", "matchCriteriaId": "F3EA2B22-E04D-48FB-8BD9-9CD66598346A", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3:*:*:*:*:*:*", "matchCriteriaId": "6F39E9F5-8AEE-4E26-A084-1BF813A65FFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12:*:*:*:*:*:*", "matchCriteriaId": "31EC2516-DA0E-4710-AB98-11E1081764DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1:*:*:*:*:*:*", "matchCriteriaId": "62C28A62-C16D-47D6-9D56-2B236287CBF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3:*:*:*:*:*:*", "matchCriteriaId": "D000CAF1-B033-4CF6-B6B4-1A9C10239886", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2:*:*:*:*:*:*", "matchCriteriaId": "C424AFC4-3DBA-4F69-A030-6B143ADEAE13", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3:*:*:*:*:*:*", "matchCriteriaId": "1B8C9E2B-58B7-4938-BF34-BB2E4322F53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4:*:*:*:*:*:*", "matchCriteriaId": "CE6F7CA0-11AE-45F0-B1AA-034A32CC0C5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5:*:*:*:*:*:*", "matchCriteriaId": "F3747021-429C-4D16-A740-A9C69FA06561", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6:*:*:*:*:*:*", "matchCriteriaId": "2E76C452-5545-4495-A671-4207A3DFE710", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7:*:*:*:*:*:*", "matchCriteriaId": "6D493E54-F8BE-470D-B78C-EF2E48645BEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1:*:*:*:*:*:*", "matchCriteriaId": "11C6D99B-67E0-4828-A812-EA987D585C75", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13:*:*:*:*:*:*", "matchCriteriaId": "D6D0EA14-3E88-491D-9522-5F9F2F968329", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1:*:*:*:*:*:*", "matchCriteriaId": "38DF3333-7B40-41A1-8C1A-EE644867193C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1:*:*:*:*:*:*", "matchCriteriaId": "ECC59C0A-60C1-4DC7-B127-D512271DA491", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14:*:*:*:*:*:*", "matchCriteriaId": "17CA9542-43DC-4D7D-A159-D7D56639EE46", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1:*:*:*:*:*:*", "matchCriteriaId": "1826129C-FF15-4422-97CA-F383E6F86B36", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1:*:*:*:*:*:*", "matchCriteriaId": "95509917-C33A-43C1-9043-D9618884FDF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2:*:*:*:*:*:*", "matchCriteriaId": "2CF2A7C5-F97C-447B-977D-243321CD807D", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3:*:*:*:*:*:*", "matchCriteriaId": "0A4DF814-73F9-4D04-87BD-03839E7E5BD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0:*:*:*:*:*:*", "matchCriteriaId": "4198B34C-CFE0-46AD-A2D6-926F5A037759", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5:*:*:*:*:*:*", "matchCriteriaId": "76B25EF2-EFB6-4626-AC51-209523A1342E", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha15:*:*:*:*:*:*", "matchCriteriaId": "D15150B6-8B20-496A-BD97-F598E2C243AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha16:*:*:*:*:*:*", "matchCriteriaId": "39C8378E-BBFC-48D0-B69B-ED034BAA100C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha17:*:*:*:*:*:*", "matchCriteriaId": "006A3591-8908-4B9A-A3BA-C2136FC6B009", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha18:*:*:*:*:*:*", "matchCriteriaId": "1E85C03D-DA48-4F2D-A995-0FC82B61327D", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha19:*:*:*:*:*:*", "matchCriteriaId": "1F314776-5157-488E-B7A8-B074BC31CC63", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha20:*:*:*:*:*:*", "matchCriteriaId": "80EF6FFD-318D-42C7-A5E0-FD2B9E561F68", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha21:*:*:*:*:*:*", "matchCriteriaId": "B46002D9-0AD1-48F2-9CE0-6ECD2AE166DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha22:*:*:*:*:*:*", "matchCriteriaId": "5184E9EB-396B-412D-88F5-A852F8D74289", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha23:*:*:*:*:*:*", "matchCriteriaId": "149771DC-DE72-43DB-9B5C-3717B7078FB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1:*:*:*:*:*:*", "matchCriteriaId": "2A67962C-D35B-408A-BD74-0B4647B81A23", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha24:*:*:*:*:*:*", "matchCriteriaId": "31083AE3-3D91-4F23-AE4C-2EB08FF4BAF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1:*:*:*:*:*:*", "matchCriteriaId": "651B10C1-918E-4F6C-970B-45FA9DDE83E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25:*:*:*:*:*:*", "matchCriteriaId": "20A37EAD-A610-450B-8DC2-A8208200E641", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1:*:*:*:*:*:*", "matchCriteriaId": "836A2C35-38D8-4ED6-B87D-2003C2F3A445", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2:*:*:*:*:*:*", "matchCriteriaId": "4153D69D-D158-4AFF-9936-A944B0F7F8E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26:*:*:*:*:*:*", "matchCriteriaId": "09EA2597-2BA4-4747-9B52-E4E713594A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1:*:*:*:*:*:*", "matchCriteriaId": "19C9D4D8-978A-431C-B39C-80AB7B22D7D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2:*:*:*:*:*:*", "matchCriteriaId": "9423DAF3-6295-4B9D-9B99-CAA9EE698548", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "021CE25F-44BD-403C-89EB-91127319B7B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8:*:*:*:*:*:*", "matchCriteriaId": "54039D06-9AE2-4B83-A7D4-80177A3A5F56", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3:*:*:*:*:*:*", "matchCriteriaId": "98503595-C247-499B-8654-424004FAA263", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5:*:*:*:*:*:*", "matchCriteriaId": "6EE84452-19EC-41BE-9075-D48FA4BFD230", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3:*:*:*:*:*:*", "matchCriteriaId": "01E106C1-EF1B-4768-AB51-19FEA9597558", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4:*:*:*:*:*:*", "matchCriteriaId": "61CE8F6A-7D01-45EE-8EB9-39AE0D2BDB09", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7:*:*:*:*:*:*", "matchCriteriaId": "73C9DB4F-266C-4180-A1C1-8DA14854B52C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2:*:*:*:*:*:*", "matchCriteriaId": "07D25069-D60A-4E25-9817-575F555AE176", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3:*:*:*:*:*:*", "matchCriteriaId": "1377CFAD-6C86-4A7B-AEDC-26ACBE6C4AC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha8:*:*:*:*:*:*", "matchCriteriaId": "7066F2B2-B0B1-4922-972A-F0B8963FC594", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3:*:*:*:*:*:*", "matchCriteriaId": "AD5E0CEF-E30E-4828-891B-056A7FC29951", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9:*:*:*:*:*:*", "matchCriteriaId": "FA634AA2-114D-4D9D-8829-BD8ADA617F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1:*:*:*:*:*:*", "matchCriteriaId": "0321315F-1AE4-4EB8-B701-094196E14689", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2:*:*:*:*:*:*", "matchCriteriaId": "77710B2A-4AA6-4F2A-80DB-BEF3C08AC628", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "43D725A4-1141-4A1E-910A-F458D5FBDF7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9267A380-DAAE-4867-A40D-8CA2B15249CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "1C52DD2F-1E79-4C8D-8842-E3DA892D72FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "8A770C55-AA10-4BA9-954F-6F94FCDE6D77", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "A11F1B45-461B-407B-A0C0-D53D17D33427", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "878188D2-C6B0-4BA5-A920-7A8743BA1352", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "474D3C4C-C5D6-400C-9543-7E42CB6DB3D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "9B86604F-2CCD-49FA-9DE5-C9229F268E28", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "8F5E4719-B67D-475B-83C7-EF9989A349A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.1:*:*:*:*:*:*", "matchCriteriaId": "66370EFF-1BE1-4641-8ADA-00851D335129", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.2:*:*:*:*:*:*", "matchCriteriaId": "C6280EBB-A0AE-477E-A49B-380D1C873E25", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.3:*:*:*:*:*:*", "matchCriteriaId": "2FA48F7B-3B19-462A-86FC-1BAB0400D401", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.4:*:*:*:*:*:*", "matchCriteriaId": "35259067-83E2-472E-85F8-15A1201ACE4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.5:*:*:*:*:*:*", "matchCriteriaId": "958DC7DA-9FAC-4BDD-B159-26663BCB4651", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.6:*:*:*:*:*:*", "matchCriteriaId": "A1F9EAB9-7BF7-43F4-84CF-11647C8707F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.7:*:*:*:*:*:*", "matchCriteriaId": "772C39A2-EFD9-442F-B5B5-9AE9E216247C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.8:*:*:*:*:*:*", "matchCriteriaId": "9C3A062D-48B0-4FB0-9B9B-D446D315AD93", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "01A38D6B-0D09-4FC0-B836-1304F61268B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.1:*:*:*:*:*:*", "matchCriteriaId": "490B0120-D1B7-4C8B-B398-2485291E9E5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.2:*:*:*:*:*:*", "matchCriteriaId": "34715564-49B1-4616-99B3-E3B11CF9564D", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.3:*:*:*:*:*:*", "matchCriteriaId": "875D15CF-0BCA-43B7-8E78-BD82DED81BE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.4:*:*:*:*:*:*", "matchCriteriaId": "1D5CD7D3-21B1-452F-8822-47CC9CA8BBE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.5:*:*:*:*:*:*", "matchCriteriaId": "01C664BC-113B-4E41-B193-44E04908D9BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.6:*:*:*:*:*:*", "matchCriteriaId": "901547DD-3ABB-4D27-A617-2F53DCF33A4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.7:*:*:*:*:*:*", "matchCriteriaId": "D7CB0457-0711-4823-A296-BBB14BC719CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "7C19783B-FD71-448A-9837-9CC185FAEE95", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7C191BC7-1324-4D3D-8EC1-CA6B1A937AD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "3BD64614-E236-4556-963E-35089BB4BB93", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "CF9D8992-E2A7-4D51-9CAC-151D99937A66", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "88B2D61F-5348-49C1-B35E-B52B960EEC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "1B5FAD26-9C56-4A7C-A158-648CBEE44F5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "291A1ED4-786C-4917-8998-2308E31C8E30", "vulnerable": true}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "EAC43D60-CFF5-4FA9-9CE3-CFC6825EEAA7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function."}, {"lang": "es", "value": "El framework Strapi versiones anteriores a 3.0.0-beta.17.8, es vulnerable a una Ejecuci\u00f3n de C\u00f3digo Remota en los componentes del Plugin de Instalaci\u00f3n y Desinstalaci\u00f3n del panel de Administraci\u00f3n, ya que no sanea el nombre del plugin y los atacantes pueden inyectar comandos de shell arbitrarios para ser ejecutados mediante la funci\u00f3n execa."}], "id": "CVE-2019-19609", "lastModified": "2024-11-21T04:35:03.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-05T20:15:10.200", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/strapi/strapi/pull/4636"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/strapi/strapi/pull/4636"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}