Home > Vulnerability Database > CVE-2024-31217

Mend.io Vulnerability Database

CVE-2024-31217

Good to know:

Date: June 12, 2024

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch.

Language: TYPE_SCRIPT

Severity Score

5.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31217

Url: https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7

Url: https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm

Url: https://github.com/strapi/strapi

Url: https://www.mend.io/vulnerability-database/CVE-2024-31217

Severity Score

5.3

Weakness Type (CWE)

Uncaught Exception

CWE-248

Top Fix

Upgrade Version

Upgrade to version @strapi/plugin-upload - 4.22.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31217

Good to know:

Date: June 12, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?