PT-2024-23858 · Strapi · Strapi

Cxdavidepaalte · Published 2024-06-12 · Updated 2025-12-30 · CVE-2024-31217

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Strapi versions prior to 4.22.0

Description: A denial-of-service issue is present in the media upload process, causing the server to crash without restarting. This affects both development and production environments. Normally an error in the application is logged and the server keeps running for other clients, but this one halts server execution, leaving it unavailable until it is restarted manually. Any user with access to the file upload functionality can exploit this issue. The estimated number of potentially affected devices is not provided.

Recommendations: For versions prior to 4.22.0, upgrade @strapi/plugin-upload to version 4.22.0 to receive the patch. As a temporary workaround, consider restricting access to the file upload functionality to reduce the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2024-31217
GHSA-PM9Q-XJ9P-96PM

Affected Products

Strapi