
Server-Side Request Forgery in Directus

Description

Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low-privileged user to perform port scans of the internal network.


Affected Software


| CPE Name | Name | Version |
|---|---|---|
| | directus | 9.0.0-beta.2 |
| | directus | 9.7.0 |
