Slackr

**Name of the Vulnerable Software and Affected Versions** Strapi framework versions prior to 3.0.0-beta.17.8 **Description** The issue allows for Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel. This is due to the lack of sanitization of the plugin name, enabling attackers to inject arbitrary shell commands. These commands are then executed by the `execa` function. **Recommendations** For versions prior to 3.0.0-beta.17.8, update to version 3.0.0-beta.17.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Install and Uninstall Plugin components of the Admin panel to minimize the risk of exploitation.