@strapi/plugin-upload@4.11.7 vulnerabilities

Makes it easy to upload images and files to your Strapi Application.

Direct Vulnerabilities

Known vulnerabilities in the @strapi/plugin-upload package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Uncaught Exception

@strapi/plugin-upload is a Makes it easy to upload images and files to your Strapi Application.

Affected versions of this package are vulnerable to Uncaught Exception in the media upload process. An attacker can cause the server to crash without restarting, affecting either development and production environments. Notes:

  1. By sending a specially-crafted request, the entire server crashes with the thrown error instead of crashing only the single request and returning error 500 to the user.

  2. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well.

How to fix Uncaught Exception?

Upgrade @strapi/plugin-upload to version 4.22.0 or higher.

<4.22.0