Description

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch.

INFO

Published Date :

2024-06-12T14:50:37.999Z

Last Modified :

2024-08-02T01:46:04.759Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-31217 vulnerability.

Vendors Products
Strapi
  • Strapi
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-31217.

URL Resource
https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7 cve-icon cve-icon
https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact