PT-2024-27764 · Strapi · Strapi

Published: 2024-06-20 · Updated: 2024-10-04 · CVE-2024-37818

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Strapi version 4.24.4

Description: The issue allows attackers to scan for open ports or access sensitive information via a crafted GET request to the "/strapi.io/_next/image" component. This is a Server-Side Request Forgery (SSRF) vulnerability. The Strapi development community disputes the report, contending that the flaw affects only the strapi.io website itself and poses no SSRF risk to applications built with the Strapi library.

Recommendations: For Strapi version 4.24.4, no newer version containing a fix for this vulnerability is known at the time of writing.

Exploit

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-37818
GHSA-P9FF-J98V-P435

Affected Products

Strapi