CVE-2024-31217: @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

June 12, 2024

A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments.

References

github.com/advisories/GHSA-pm9q-xj9p-96pm
github.com/strapi/strapi
github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7
github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm
nvd.nist.gov/vuln/detail/CVE-2024-31217

Code Behaviors & Features

Detect and mitigate CVE-2024-31217 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →