SB2024061245 - Uncaught Exception in strapi
Published: June 12, 2024 Updated: April 23, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Uncaught Exception (CVE-ID: CVE-2024-31217)
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to an uncaught exception in the media upload process when handling a crafted file upload request. A remote user can send a specially crafted upload request containing a null byte in the filename extension to cause a denial of service.
The issue affects both development and production environments and causes the server to remain unavailable until it is manually restarted.
Remediation
Install the update from the vendor's website.
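
An added example, not taken from Strapi or from the vendor's patch: one way to guard against the class of failure described above, by rejecting control characters (including the null byte) in an upload filename before it reaches storage and by containing storage errors to the failing request. The function names, the extension allow-list and the `store` callback are assumptions made for illustration.

```javascript
// Hypothetical upload guard (illustrative names, not Strapi's API).
const ALLOWED_EXT = new Set(['.png', '.jpg', '.jpeg', '.gif', '.pdf']); // assumed allow-list
const MAX_NAME_LEN = 255;

// Returns { ok: true, name, ext } or { ok: false, reason }.
function checkUploadName(raw) {
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: false, reason: 'missing filename' };
  }
  // Reject NUL and every other C0 control character (and DEL) anywhere in
  // the name; filesystem calls typically refuse such paths with an exception.
  if (/[\u0000-\u001f\u007f]/.test(raw)) {
    return { ok: false, reason: 'control character in filename' };
  }
  // Keep only the last path component so directory parts are discarded.
  const name = raw.split(/[\\/]/).pop();
  if (name.length === 0 || name.length > MAX_NAME_LEN) {
    return { ok: false, reason: 'bad filename length' };
  }
  // The extension is taken from the validated name and compared to the allow-list.
  const dot = name.lastIndexOf('.');
  const ext = dot > 0 ? name.slice(dot).toLowerCase() : '';
  if (!ALLOWED_EXT.has(ext)) {
    return { ok: false, reason: 'extension not allowed' };
  }
  return { ok: true, name, ext };
}

// Runs the caller-supplied store(name, data) callback for one request.
// A bad name becomes a 400 and a storage failure becomes a 500, so no
// exception escapes the request and takes the server process down.
function handleUpload(file, store) {
  const verdict = checkUploadName(file && file.filename);
  if (!verdict.ok) {
    return { status: 400, error: verdict.reason };
  }
  try {
    store(verdict.name, file.data);
    return { status: 201, name: verdict.name };
  } catch (err) {
    // Log err server-side; return a generic message to the client.
    return { status: 500, error: 'upload failed' };
  }
}
```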