CVE-2020-27664

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-27664

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27664.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-27664

Aliases

GHSA-7frv-9phw-vrvr

Published

2020-10-22T19:15:13.777Z

Modified

2025-11-14T11:00:28.687998Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.

References

Affected packages

Git / github.com/strapi/strapi

Affected ranges

Type: GIT
Repo: https://github.com/strapi/strapi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c78591553f5509fcadc8c719f6af6f1bf0e734f3

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v3.*

v3.0.0

v3.0.0-alpha.10.1

v3.0.0-alpha.10.2

v3.0.0-alpha.10.3

v3.0.0-alpha.11

v3.0.0-alpha.11.1

v3.0.0-alpha.11.2

v3.0.0-alpha.11.3

v3.0.0-alpha.12

v3.0.0-alpha.12.1

v3.0.0-alpha.12.2

v3.0.0-alpha.12.3

v3.0.0-alpha.12.4

v3.0.0-alpha.12.5

v3.0.0-alpha.12.6

v3.0.0-alpha.12.7

v3.0.0-alpha.12.7.1

v3.0.0-alpha.13

v3.0.0-alpha.13.0.1

v3.0.0-alpha.13.1

v3.0.0-alpha.14

v3.0.0-alpha.14.1

v3.0.0-alpha.14.1.1

v3.0.0-alpha.14.2

v3.0.0-alpha.14.3

v3.0.0-alpha.14.4.0

v3.0.0-alpha.14.5

v3.0.0-alpha.15

v3.0.0-alpha.16

v3.0.0-alpha.17

v3.0.0-alpha.18

v3.0.0-alpha.19

v3.0.0-alpha.20

v3.0.0-alpha.21

v3.0.0-alpha.22

v3.0.0-alpha.23

v3.0.0-alpha.23.1

v3.0.0-alpha.24

v3.0.0-alpha.24.1

v3.0.0-alpha.25

v3.0.0-alpha.25.1

v3.0.0-alpha.25.2

v3.0.0-alpha.26

v3.0.0-alpha.26.1

v3.0.0-alpha.26.2

v3.0.0-alpha.4

v3.0.0-alpha.4.8

v3.0.0-alpha.5.3

v3.0.0-alpha.5.5

v3.0.0-alpha.6.3

v3.0.0-alpha.6.4

v3.0.0-alpha.6.7

v3.0.0-alpha.7.3

v3.0.0-alpha.8

v3.0.0-alpha.8.3

v3.0.0-alpha.9

v3.0.0-alpha.9.1

v3.0.0-alpha.9.2

v3.0.0-beta.0

v3.0.0-beta.1

v3.0.0-beta.10

v3.0.0-beta.11

v3.0.0-beta.12

v3.0.0-beta.13

v3.0.0-beta.14

v3.0.0-beta.15

v3.0.0-beta.16

v3.0.0-beta.16.1

v3.0.0-beta.16.2

v3.0.0-beta.16.3

v3.0.0-beta.16.4

v3.0.0-beta.16.5

v3.0.0-beta.16.6

v3.0.0-beta.16.7

v3.0.0-beta.16.8

v3.0.0-beta.17

v3.0.0-beta.17.1

v3.0.0-beta.17.2

v3.0.0-beta.17.3

v3.0.0-beta.17.4

v3.0.0-beta.17.5

v3.0.0-beta.17.6

v3.0.0-beta.17.7

v3.0.0-beta.17.8

v3.0.0-beta.18

v3.0.0-beta.18.1

v3.0.0-beta.18.2

v3.0.0-beta.18.3

v3.0.0-beta.18.4

v3.0.0-beta.18.5

v3.0.0-beta.18.6

v3.0.0-beta.18.7

v3.0.0-beta.18.8

v3.0.0-beta.19

v3.0.0-beta.19.1

v3.0.0-beta.19.2

v3.0.0-beta.19.3

v3.0.0-beta.19.4

v3.0.0-beta.19.5

v3.0.0-beta.2

v3.0.0-beta.20

v3.0.0-beta.20.1

v3.0.0-beta.20.2

v3.0.0-beta.20.3

v3.0.0-beta.3

v3.0.0-beta.4

v3.0.0-beta.5

v3.0.0-beta.6

v3.0.0-beta.7

v3.0.0-beta.8

v3.0.0-beta.9

v3.0.0-rc.0

v3.0.0-rc.1

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27664.json"