Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request.
{ "nvd_published_at": "2024-06-20T19:15:50Z", "cwe_ids": [ "CWE-918" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-10-04T23:33:29Z" }