Read Time:34 Second
Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised.
According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher privileged account, such as the administrator. This means attackers need to gain access to a low-privileged account first and this can be achieved via compromised credentials, phishing or other methods.