Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request.
This issue was fix?
This topic has been created from a Discord post (1286119752930033674) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord