[strapi] Strapi mishandles hidden attributes within admin API responses

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-31367
• https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367
• https://github.com/strapi/strapi/releases/tag/v3.6.10
• https://github.com/strapi/strapi/releases/tag/v4.1.10
• https://github.com/strapi/strapi/pull/13185
• https://github.com/strapi/strapi/pull/13189
• https://github.com/advisories/GHSA-4phg-hpqm-c3j4