Timyboy12345

**Name of the Vulnerable Software and Affected Versions** strapi versions prior to 4.1.0 **Description** The issue is related to arbitrary command injection in the strapi repository. This occurs due to improper sanitization of user input, specifically when creating a strapi app using the template cli argument. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of the `template` cli argument, which allows for arbitrary command injection due to the lack of proper input sanitization. **Recommendations** For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `template` cli argument to minimize the risk of exploitation. Avoid using the `template` cli argument in the affected API endpoint until the issue is resolved.