CVE-2022-0764

Name of the Vulnerable Software and Affected Versions strapi versions prior to 4.1.0

Description The issue is related to arbitrary command injection in the strapi repository. This occurs due to improper sanitization of user input, specifically when creating a strapi app using the template cli argument. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of the template cli argument, which allows for arbitrary command injection due to the lack of proper input sanitization.

Recommendations For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the template cli argument to minimize the risk of exploitation. Avoid using the template cli argument in the affected API endpoint until the issue is resolved.