logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2019-19609

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2019-19609

Description:
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
Last updated date:
09/14/2021

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
05/17/2024
Reference url to background

https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf

Type:
exploit
Confidence:
HIGH
Date of publishing:
08/29/2021
Reference url to background

https://github.com/4ugury/CVE-2019-19609

Type:
exploit
Confidence:
HIGH
Date of publishing:
08/29/2021
Type:
exploit
Confidence:
HIGH
Date of publishing:
08/29/2021
Reference url to background

https://github.com/ebadfd/CVE-2019-19609

Type:
exploit
Confidence:
HIGH
Date of publishing:
08/29/2021
Reference url to background

https://github.com/z9fr/CVE-2019-19609

Type:
exploit
Confidence:
HIGH
Date of publishing:
08/29/2021
Type:
exploit
Confidence:
HIGH
Date of publishing:
08/31/2021
Type:
exploit
Confidence:
HIGH
Date of publishing:
09/14/2021
Type:
exploit
Confidence:
HIGH
Date of publishing:
09/14/2021
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy