CVE-2024-37818 Information

Description

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request.

Reference

https://strapi.io/
https://medium.com/%40barkadevaibhav491/server-side-request-forgery-in-strapi-e02d5fe218ab
