836 matches found
Default configuration
In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true...
CVE-2022-26969
In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true...
Directus security vulnerability
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 9.7.0 that stems from the default setting of CORS_ORIGIN and CORS_ENABLED to true...
CVE-2022-26969
CVE-2022-26969 affects Directus prior to version 9.7.0, where the default settings for CORS_ORIGIN and CORS_ENABLED are true. The Red Hat and NVD entries confirm this issue, with a high-severity CVSS v3.1 base score (9.8, CRITICAL) and a network-based vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)....
@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2022-39300 via node-saml (=4.0.0-beta.2)
node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus =9.8.0, =9.14.4 Source cves: CVE-2022-39300 Source advisory: OSV:GHSA-5P8W-2MVW-38PV...
@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2022-39299 via node-saml (=4.0.0-beta.2)
node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus =9.8.0, =9.14.4 Source cves: CVE-2022-39299 Source advisory: OSV:GHSA-M974-647V-WHV7...
GHSA-77QM-WVQQ-FG79 Directus vulnerable to unhandled exception on illegal filename_disk value
The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. The vulnerability is patched and released in v9.15.0. You can prevent this problem by making sure no untrusted non-admin users have...
Directus vulnerable to unhandled exception on illegal filename_disk value
The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. The vulnerability is patched and released in v9.15.0. You can prevent this problem by making sure no untrusted non-admin users have...
CVE-2022-36031
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....
Double free
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....
CVE-2022-36031
Directus CVE-2022-36031 affects the Directus data platform. The issue arises when an authorized (non-admin) user with permission to update the filename_disk field on directus_files changes the value to a folder and then accesses that file via the /assets endpoint, causing the Directus process to ...
CVE-2022-36031 Unhandled exception on illegal filename_disk value
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....
PT-2022-23129 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.15.0 Description: The Directus process can be aborted by having an authorized user update the filename disk value to a folder and accessing that file through the "/assets" endpoint. This issue has been patched and...
Directus security vulnerability
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in Directus, which can be exploited by an attacker to abort the Directus process...
GHSA-5H75-PVQ4-82C9 Server-Side Request Forgery in Directus
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality, which allows a low privileged user to perform internal network port scans...
Server-Side Request Forgery in Directus
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality, which allows a low privileged user to perform internal network port scans...
CVE-2022-23080
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans...