CVE-2024-52588
Published
CVSS v3
4.9
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2.
🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable, and developer-first.
GitHub