pkg:npm/@strapi/plugin-users-permissions

All known vulnerabilities

• CRITICAL10.0CVE-2023-22621Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
  from 0, < 4.5.6
• HIGH7.6CVE-2023-39345Unauthorized Access to Private Fields in User Registration API
  >= 4.0.0, < 4.13.1
• HIGH7.3CVE-2023-38507Strapi Improper Rate Limiting vulnerability
  from 0, < 4.12.1
• HIGH7.1@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
  from 0, < 4.24.2
• —Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
  from 0, < 5.33.3
• —Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
  from 0, < 5.45.0
• —Strapi does not verify the access or ID tokens issued during the OAuth flow
  >= 3.2.1, < 4.6.0