pkg:npm/@strapi/plugin-users-permissions

共 7 筆 CVECRITICAL1HIGH3

✅ 檢查你的版本

所有已知漏洞

  • CRITICAL10.0CVE-2023-22621Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
    from 0, < 4.5.6
  • HIGH7.6CVE-2023-39345Unauthorized Access to Private Fields in User Registration API
    >= 4.0.0, < 4.13.1
  • HIGH7.3CVE-2023-38507Strapi Improper Rate Limiting vulnerability
    from 0, < 4.12.1
  • HIGH7.1CVE-2024-34065@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
    from 0, < 4.24.2
  • CVE-2026-22706Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
    from 0, < 5.33.3
  • CVE-2025-64526Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
    from 0, < 5.45.0
  • CVE-2023-22893Strapi does not verify the access or ID tokens issued during the OAuth flow
    >= 3.2.1, < 4.6.0