
Security Disclosure of Vulnerabilities: CVE-2024-31217, CVE-2024-29181, and CVE-2024-34065 for June 2024

What's this blog post about?

Three security vulnerabilities have been patched in the Strapi framework: a Denial-of-Service issue, insufficient RBAC enforcement on fields that render lists of relations, and an Open Redirect combined with transmission of session tokens in URL query parameters. The patches were released in version v4.24.2. Strapi followed responsible disclosure practice by patching the vulnerabilities before full disclosure and notifying customers to upgrade their servers.
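The summary pairs an Open Redirect with session tokens carried in the URL query string; the reason that pairing matters is that a token in a redirect target travels to whatever host the redirect lands on. The following is an added example, not Strapi's code and not a description of the actual Strapi flaw: a generic, framework-agnostic check for a user-supplied post-login redirect target, written the way a Node application would do it with the WHATWG `URL` parser. The origin `https://app.example`, the hostnames in the comments, and the parameter names in `SECRET_PARAMS` are assumptions constructed for the example.

```javascript
// Added example (not Strapi's code): validate a post-login redirect target so a
// session token is never sent to a host the application does not control.
// APP_ORIGIN and SECRET_PARAMS are assumed values for this example only.

const APP_ORIGIN = "https://app.example";
const SECRET_PARAMS = ["token", "access_token", "jwt"];

// Resolve `candidate` (e.g. a `redirectTo` query parameter) against the
// application origin and report whether it is safe to follow.
function checkRedirectTarget(candidate, appOrigin = APP_ORIGIN) {
  let url;
  try {
    url = new URL(candidate, appOrigin);
  } catch {
    return { allowed: false, reason: "unparseable" };
  }
  // `javascript:` and other non-http(s) schemes are never legitimate targets.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allowed: false, reason: `scheme ${url.protocol}` };
  }
  // The parser turns "//evil.example", "\\evil.example",
  // "https://app.example@evil.example" and "https://app.example.evil.example"
  // into foreign origins; compare origins, never string prefixes. A scheme
  // downgrade to http: also fails here because the origin differs.
  const own = new URL(appOrigin).origin;
  if (url.origin !== own) {
    return { allowed: false, reason: `foreign origin ${url.origin}` };
  }
  // Hand back only path + query + fragment so the Location header the caller
  // emits is always relative to the application's own origin.
  return { allowed: true, target: url.pathname + url.search + url.hash };
}

// Name any secret-bearing query parameters in a URL. A token in the query
// string ends up in browser history, Referer headers and proxy/server logs,
// and follows the user to a foreign host if the URL is an open redirect.
function secretsInQuery(candidate, appOrigin = APP_ORIGIN) {
  const url = new URL(candidate, appOrigin);
  return SECRET_PARAMS.filter((name) => url.searchParams.has(name));
}

// Hardened login response shape: the token leaves the URL and goes into a
// cookie; the redirect only ever points at a validated same-origin path.
function buildLoginResponse(requestedRedirect, sessionToken) {
  const check = checkRedirectTarget(requestedRedirect);
  const location = check.allowed ? check.target : "/admin";
  return {
    status: 302,
    headers: {
      Location: location,
      "Set-Cookie": `session=${sessionToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,
    },
  };
}
```

The important design choice is comparing `url.origin` after a full parse rather than checking that the string starts with `/` or with the site's hostname: protocol-relative (`//host`), backslash and userinfo forms all look local to a prefix check and all resolve to a foreign origin once parsed. Moving the token into an `HttpOnly` cookie is what makes a residual redirect bug an annoyance instead of a session theft.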

Company
Strapi

Date published
June 12, 2024

Author(s)
Derrick Mehaffy

Word count
1478

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.