CVE-2020-27665

Published October 22nd, 2020

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

5

MEDIUM

Affected

1

PROJECT

Description

In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.

🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable, and developer-first.

GitHub

72.3K