CVE-2019-19609 – Strapi / Strapi – OS command injection

September 8, 2021

CVE-2019-19609 is an OS command injection vulnerability impacting multiple versions of Strapi. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2019-19609 is an OS command injection vulnerability impacting multiple versions of Strapi. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

Exploit DB link –
https://www.exploit-db.com/exploits/50239

Known Counter Measures:

The vendor addressed the vulnerability in Strapi version 3.0.0-beta.17.8.

Links to patches(if available)

https://github.com/strapi/strapi/pull/4636

You may have missed

news

UK Shoppers Warned: Over £11.5m Lost to Scammers Last Christmas

November 19, 2024
news

FTC Reports 50% Decline in Scam and Nuisance Calls Since 2021

November 19, 2024
news

BeaverTail Phishing Campaign: The Threat of North Korean IT Workers

November 19, 2024
news

Phishing Scam Alert: Fake Donald Trump Assassination Story Circulating

November 19, 2024
news

Increase in DocuSign Phishing Attacks Targeting US State Contractors

November 19, 2024