CVE-2024-52588 Information

Description

Strapi is an open-source content management system. Prior to version 4.25.2 inputting a local domain into the Webhooks URL field leads to the application fetching itself resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2.

Reference

https://github.com/strapi/strapi/security/advisories/GHSA-v8wj-f5c7-pvxf