What is CVE-2019-19609?

CVE-2019-19609 is a vulnerability in N/a. Published 2019-12-05.

Is CVE-2019-19609 known to be exploited?

20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-19609

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell co…

EPSS: 0.811 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

bittherapy.net/post/strapi-framework-remote-code-execution/ (x_refsource_MISC)
github.com/strapi/strapi/pull/4636 (x_refsource_MISC)
packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Exe… (x_refsource_MISC)
packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Executi… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-19609?: CVE-2019-19609 is a vulnerability in N/a. Published 2019-12-05.
Is CVE-2019-19609 known to be exploited?: 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.