Homepage
About Snyk

@strapi/plugin-upload@0.0.0-fa503ef438b8c6b7335b9bb79c9d690631b46bd6 vulnerabilities

Makes it easy to upload images and files to your Strapi Application.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @strapi/plugin-upload package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Uncaught Exception

@strapi/plugin-upload is a Makes it easy to upload images and files to your Strapi Application.

Affected versions of this package are vulnerable to Uncaught Exception in the media upload process. An attacker can cause the server to crash without restarting, affecting either development and production environments. Notes:

  1. By sending a specially-crafted request, the entire server crashes with the thrown error instead of crashing only the single request and returning error 500 to the user.

  2. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well.

How to fix Uncaught Exception?

Upgrade @strapi/plugin-upload to version 4.22.0 or higher.

<4.22.0
Go back to all versions of this package