15 matches found
Denial Of Service (DoS)
@directus/storage-driver-s3 is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed transformation requests, which allows an attacker to trigger a state where all assets return 403 errors, leading to asset unavailability across all Directus policies...
Denial Of Service (DoS)
@directus/storage-driver-s3 is vulnerable to Denial Of Service DoS. The vulnerability is due to asset unavailability caused by excessive HEAD requests, which allows an attacker to trigger 403 errors for all assets and deny access across all Directus policies...
CVE-2025-30225
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350 Directus's S3 assets become unavailable after a burst of HEAD requests
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350
Directus and its storage-driver-s3 component are affected by a DoS-like asset unavailability vulnerability triggered by a burst of HEAD requests. Affected range: @directus/storage-driver-s3 versions prior to 12.0.1 (corresponding to Directus 9.22.0–11.5.0). When many HEAD checks occur, assets can...
CVE-2025-30350 Directus's S3 assets become unavailable after a burst of HEAD requests
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225
The CVE affects Directus users via the @directus/storage-driver-s3 driver: versions 9.22.0 up to 11.5.0 (paired Directus 9.22.0 to 11.5.0) are vulnerable to asset unavailability after a burst of malformed transformation requests, causing all assets to return 403 under load. The issue is fixed in ...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 9.22.0 through 11.5.0 that stems from a large number of HEAD requests that could result in unavailable assets...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 9.22.0 through 11.5.0, which stems from a malformed conversion request that could lead to asset unavailability...