Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request.
This topic has been created from a Discord post (1286120435221532763) to give it more visibility.
It will be in read-only mode here.
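A detection check for the request pattern described in the post above, added here as an example (it is not part of the original post and is not Strapi code). It assumes the image endpoint takes its source in a `url` query parameter, as the Next.js image optimizer does; the log lines, function names and the port allowlist are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined-log style), not taken from the page.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:00:00:01 +0000] "GET /_next/image?url=%2Fimg%2Flogo.png&w=640&q=75 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2025:00:00:02 +0000] "GET /_next/image?url=http%3A%2F%2F127.0.0.1%3A8080%2F&w=640&q=75 HTTP/1.1" 500 0',
    '203.0.113.7 - - [01/Jan/2025:00:00:03 +0000] "GET /_next/image?url=http%3A%2F%2F10.0.0.5%2F&w=640&q=75 HTTP/1.1" 504 0',
    '198.51.100.9 - - [01/Jan/2025:00:00:04 +0000] "GET /_next/image?url=https%3A%2F%2Fcdn.example.com%2Fa.png&w=640&q=75 HTTP/1.1" 200 900',
    '203.0.113.7 - - [01/Jan/2025:00:00:05 +0000] "GET /_next/image?url=http%3A%2F%2Fintranet.example.com%3A8080%2F&w=64&q=75 HTTP/1.1" 500 0',
]
REQUEST_RE = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def classify_target(raw_url):
    """Return a reason string if the image source points somewhere unexpected, else None."""
    if raw_url.startswith("/") and not raw_url.startswith("//"):
        return None  # relative path: an image served by the site itself
    try:
        parts = urlsplit(raw_url)
        host, port = parts.hostname, parts.port
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ("http", "https") or not host:
        return "non-http scheme or missing host"
    try:
        if not ipaddress.ip_address(host).is_global:
            return "internal address " + host
    except ValueError:
        pass  # host is a DNS name, not an IP literal
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback name"
    if port not in (None, 80, 443):  # assumed allowlist of expected image ports
        return "explicit port %d" % port
    return None

def flag_image_requests(log_lines):
    """Return (line_number, target, reason) for each suspicious /_next/image request."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        req = urlsplit(m.group(1)) if m else None
        if req is None or not req.path.endswith("/_next/image"):
            continue
        for target in parse_qs(req.query).get("url", []):
            reason = classify_target(target)
            if reason:
                findings.append((n, target, reason))
    return findings
```

This only inspects the literal host in the logged request; a DNS name that resolves to an internal address passes the check, so resolution-time filtering on the server is still needed.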