Denial-of-Service Vulnerability in Strapi Media Upload Functionality
CVE-2024-31217

6.5MEDIUM

Key Information:

Vendor: Strapi
Status: Strapi
Vendor: CVE Published:; 12 June 2024

What is CVE-2024-31217?

The Strapi content management system presents a denial-of-service vulnerability in its media upload process prior to version 4.22.0. This flaw allows users with access to file uploads to exploit the system, causing a server crash that disrupts availability for all clients. Unlike typical application errors that log incidents while keeping the server operational, this vulnerability halts server execution entirely, requiring a manual restart to restore service. The issue is present in both development and production environments, making it critical for users to upgrade the @strapi/plugin-upload to version 4.22.0 to mitigate the risks.

References

https://github.com/strapi/strapi/security/advisories/GHSA...

https://github.com/strapi/strapi/commit/a0da7e73e1496d835...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2024

CVE-2024-31217 Data

JSON