How severe is CVE-2024-31217?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-31217?

This is classified as CWE-248, which is a common weakness in software security.

CVE-2024-31217 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch.

Related Vulnerabilities

CVE-2019-7474

MEDIUM

CVSS:6.5(Medium)

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability...

CWE-2482019

CVE-2020-27121

MEDIUM

CVSS:6.5(Medium)

A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Ser...

CWE-2482020

CVE-2021-36802

MEDIUM

CVSS:6.5(Medium)

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This iss...

CWE-2482021

CVE-2022-20761

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denia...

CWE-2482022

CVE-2022-41940

MEDIUM

CVSS:6.5(Medium)

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on th...

CWE-2482022

CVE-2023-22290

MEDIUM

CVSS:6.5(Medium)

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.

CWE-2482023