Security Advisory

CVE-2019-19609

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-05 19:44:28

Last updated 2024-08-05 02:25:11

Assigner mitre

State PUBLISHED

Description

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

← Browse all CVEs View on cve.org ↗