Design/Logic Flaw

2019-07-1915:15:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.

CPENameOperatorVersion
directus_7_apilt2.3.0

CPE	Name	Operator	Version
	directus_7_api	lt	2.3.0

References

github.com/directus/api/issues/981

github.com/directus/api/projects/44