April 23 (Cointime) - Security firm SlowMist has issued an alert regarding Strapi, a popular open-source headless content management system. According to a security reminder posted by Strapi, attackers could exploit known vulnerabilities to gain control of admin accounts or remotely execute code to take over server permissions.
Users of Strapi have been advised to upgrade their installations immediately to address the security risks.
"Do note that this vulnerability impacts all known Strapi v3 and Strapi v4 versions prior to v4.5.6. If you have not already upgraded beyond Strapi v4.5.6 we do urge you to do so as quickly as possible (we strongly advise upgrading beyond v4.8.0 where other security vulnerabilities were patched)." Strapi said in the post.
Strapi is used by a number of project parties, including developers, content managers, and marketers, to create and manage digital content for websites and applications.
🚨SlowMist Security Alert🚨
— SlowMist (@SlowMist_Team) April 23, 2023
The well-known Open-source Headless CMS @strapijs issued a security reminder that attackers can take advantage of known vulnerabilities to take over Admin accounts or RCE to take over server permissions. If there are project parties using this… pic.twitter.com/skoOK4iTgU
All Comments