Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-06-20T00:00:00
Updated: 2024-08-02T03:57:39.785Z
Reserved: 2024-06-10T00:00:00
Link: CVE-2024-37818
Vulnrichment
Updated: 2024-07-25T17:48:37.425Z
NVD
Status : Awaiting Analysis
Published: 2024-06-20T19:15:50.260
Modified: 2024-08-01T13:54:17.330
Link: CVE-2024-37818
Redhat
No data.