4 matches found
Denial-of-Service (DoS)
@strapi/plugin-upload is vulnerable to Denial-of-Service DoS. The vulnerability is due to the server crashing without restarting when handling errors, causing it to become unavailable for all clients until manually restarted...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +61 more potentially affected by CVE-2024-31217 via @strapi/plugin-upload (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.21.1)
@strapi/plugin-upload NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =9.0.2 and more Source cves: CVE-2024-31217 Source advisory: OSV:GHSA-PM9Q-XJ9P-96PM...
CVE-2024-31217
CVE-2024-31217 is a DoS in Strapi’s media upload via @strapi/plugin-upload prior to version 4.22.0. The vulnerability can crash the server during file uploads without restart, affecting both development and production environments. The issue arises when errors are mishandled, causing the server t...
Unsecured Proxy
strapi-plugin-upload contains an unsecured proxy. An unauthenticated user is able to access the proxy without any authorization, allowing for access to other protected resources...