Name of the Vulnerable Software and Affected Versions strapi versions prior to 3.0.0-beta.17.8

Description The issue is related to Command Injection due to the failure to sanitize plugin names in the "/admin/plugins/install/" route. This may allow an authenticated attacker with admin privileges to run arbitrary commands on the server.

Recommendations Upgrade to version 3.0.0-beta.17.8 or later. As a temporary workaround, consider restricting access to the "/admin/plugins/install/" route to minimize the risk of exploitation.