5 matches found
Incorrect Authorization
Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Incorrect Authorization in the aggregate query process when applying min or max functions to fields marked as concealed. An attacker can...
Allocation of Resources Without Limits or Throttling
Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the health check resolver process. An attacker can exhaust system resources, leading...
Allocation of Resources Without Limits or Throttling
Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL resolver process. An attacker can exhaust server resources and cause...
Cleartext Storage of Sensitive Information
Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that stores revision records and logs flow operation payloads, where sensitive fiel...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the filenamedisk parameter in the file management API. An...