Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Vulnerability Description
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未捕获的异常
Vulnerability Title
Strapi 安全漏洞
Vulnerability Description
Strapi是一套开源的内容管理系统(CMS)。 Strapi 4.22.0之前版本存在安全漏洞,该漏洞源于媒体上传过程中存在拒绝服务漏洞,导致服务器崩溃。
CVSS Information
N/A
Vulnerability Type
N/A