The vulnerability lies in the Strapi document service, which allowed unauthorized access to private fields through the `lookup` query parameter. The root cause was a lack of sanitization of the `lookup` parameter, which is intended for internal use only. An attacker could craft a URL with a malicious `lookup` parameter to filter data based on private fields, such as user passwords or API tokens, and infer their values from which records were returned.
The analysis of the patch 0c6e0953ae1e62afae9329de7ae6d6a5e21b95b8 reveals that the fix was to explicitly block the `lookup` parameter from being used in public-facing API calls. The vulnerable functions identified are:

- `find` and `findOne` in `packages/core/core/src/services/document-service/repository.ts`: These are the primary entry points for the attack. They are used to retrieve data from the database and, before the patch, they did not validate the `lookup` parameter. The patch adds a validation step that throws an error if `lookup` is present in the request parameters.
- `statusToLookup` in `packages/core/core/src/services/document-service/draft-and-publish.ts`: This function contributed to the vulnerability by merging the user-provided `lookup` object with its own query modifications for handling draft and published content. This allowed the malicious filter to be injected into the database query.
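The two defensive measures described above, shown as an added example rather than Strapi's own code: a guard that rejects the internal-only `lookup` parameter at the public entry point (the `find`/`findOne` check), and a status-to-lookup builder that derives its filter solely from the status flag instead of merging caller-supplied input (the `statusToLookup` fix). Function names, the `DocumentParams` type, and the `publishedAt` filter shape are assumptions for illustration.

```typescript
// Added example, not part of the Strapi code base. Names are hypothetical.

type DocumentParams = Record<string, unknown>;

// Parameters reserved for internal use; a public request must never carry them.
const INTERNAL_PARAMS: ReadonlySet<string> = new Set(["lookup"]);

// Returns the first reserved key found in the request params, or null.
function findInternalParam(params: DocumentParams): string | null {
  for (const key of Object.keys(params)) {
    if (INTERNAL_PARAMS.has(key)) {
      return key;
    }
  }
  return null;
}

// True when the params contain no reserved keys and may be forwarded.
function isPublicSafe(params: DocumentParams): boolean {
  return findInternalParam(params) === null;
}

// Validation step in the spirit of the patched find/findOne: throw before any
// query is built so a caller-supplied lookup never reaches the database layer.
// Returns the params unchanged so it can be used inline.
function rejectInternalParams(params: DocumentParams): DocumentParams {
  const key = findInternalParam(params);
  if (key !== null) {
    throw new Error(`Query parameter "${key}" is reserved for internal use`);
  }
  return params;
}

// Hypothetical public-facing wrapper around a repository find() that applies
// the guard first. The guard throws synchronously, before find() is invoked.
function findPublic(
  find: (params: DocumentParams) => Promise<unknown[]>,
  params: DocumentParams,
): Promise<unknown[]> {
  return find(rejectInternalParams(params));
}

// Safe draft/publish handling: the lookup is built only from the status flag.
// Nothing from the incoming request is spread into it, so there is no path for
// a user-controlled filter to be merged into the internal query.
// The publishedAt filter shape is an assumption for illustration.
function statusToLookupSafe(
  status: "draft" | "published" | undefined,
): DocumentParams {
  if (status === "published") {
    return { publishedAt: { $notNull: true } };
  }
  if (status === "draft") {
    return { publishedAt: { $null: true } };
  }
  return {};
}

// Constructed sample requests: one ordinary filter, one carrying the reserved key.
const SAMPLE_PUBLIC_REQUEST: DocumentParams = { filters: { title: "hello" } };
const SAMPLE_REJECTED_REQUEST: DocumentParams = {
  filters: { title: "hello" },
  lookup: { password: { $startsWith: "a" } },
};

// Expected: true then false.
console.log(isPublicSafe(SAMPLE_PUBLIC_REQUEST), isPublicSafe(SAMPLE_REJECTED_REQUEST));
```

The important property is ordering: the reserved-key check runs before any query object is assembled, so the draft/publish merge never sees caller input, whatever operators the request tries to smuggle in.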
By exploiting this vulnerability, an attacker could potentially gain full access to the Strapi instance by extracting sensitive information like admin passwords and reset tokens.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @strapi/core | npm | >= 5.0.0, < 5.5.2 | 5.5.2 |