@strapi/plugin-upload@0.0.0-experimental.18019758d6ccd252f2f00bcc32c191402af2e60a vulnerabilities

Makes it easy to upload images and files to your Strapi Application.

Direct Vulnerabilities

Known vulnerabilities in the @strapi/plugin-upload package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
Uncaught Exception

@strapi/plugin-upload is a Makes it easy to upload images and files to your Strapi Application.

Affected versions of this package are vulnerable to Uncaught Exception in the media upload process. An attacker can cause the server to crash without restarting, affecting either development and production environments. Notes:

  1. By sending a specially-crafted request, the entire server crashes with the thrown error instead of crashing only the single request and returning error 500 to the user.

  2. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well.

How to fix Uncaught Exception?

Upgrade @strapi/plugin-upload to version 4.22.0 or higher.

<4.22.0