CVE-2023-38503 Directus has Incorrect Permission Checking for GraphQL Subscriptions
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters i.e. user_created IS $CURRENT_USER are not properly checked when using GraphQL subscription resulting in unauthorized users getting event o...
Directus Information Disclosure Vulnerability
Directus is a real-time API and application dashboard used to manage SQL database content. An information disclosure vulnerability exists in Directus versions from 10.3.0 up to (but not including) 10.5.0. It stems from improper permission checking of GraphQL subscriptions, resulting in an information...
PT-2023-26483 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 10.3.0 through 10.4.x Description: The issue concerns the improper checking of permission filters when using GraphQL subscriptions, resulting in unauthorized users receiving events they should not have access to. This affect...
MAL-2023-1154 Malicious code in directus-codestyle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a40b79e42e3f1936af95ffd63d1c7652667a9f770625849aa7698f2bfcfca8e1 The OpenSSF Package Analysis project identified 'directus-codestyle' @ 1.3.1 npm as malicious. It is considered malicious because: - The package...
Directus API vulnerable to denial of service
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a large number of HTTP requests...
GHSA-3GVP-54V2-2JRP Directus API vulnerable to denial of service
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a large number of HTTP requests...
CVE-2020-19850
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a large number of HTTP requests...
Design/Logic Flaw
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a large number of HTTP requests...
Directus Resource Management Error Vulnerability
Directus is a real-time API and application dashboard used to manage SQL database content. A security vulnerability exists in Directus API version v.2.2.0. A remote attacker could exploit this vulnerability to cause a denial of service by sending a large number of HTTP requests to the system...
CVE-2020-19850
CVE-2020-19850 affects Directus API v2.2.0. It allows a remote attacker to cause a denial of service by sending a large number of HTTP requests. CVSS v3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). The vulnerability concerns Directus API’s handling of request volume and could impact av...
PT-2023-11539 · Unknown · Directus Api
Name of the Vulnerable Software and Affected Versions: Directus API version 2.2.0 Description: A denial of service issue in the Directus API allows a remote attacker to cause a denial of service by sending a large number of HTTP requests. Recommendations: For Directus API version 2.2.0, consider...
Information Disclosure
Directus is vulnerable to Information Disclosure. The vulnerability exists due to pino-http in logger.ts, because the directus_refresh_token is not properly redacted, which allows an attacker to gain sensitive information through the log files...
CVE-2023-28443
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the directus_refresh_token is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3...
Code injection
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the directus_refresh_token is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3...
CVE-2023-28443
CVE-2023-28443 affects Directus before version 9.23.3, where the token directus_refresh_token is not redacted in logs, enabling potential user impersonation. The root cause is improper token redaction in log output, leading to sensitive data exposure via logging. The vulnerability requires access...