9 matches found
EUVD-2023-1043
Malicious code in bioql PyPI...
CVE-2023-26492
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
Impact Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. Patches The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or...
GHSA-4HMQ-GGRM-QFC6 directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
Impact Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. Patches The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or...
CVE-2023-26492
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...
Server side request forgery (ssrf)
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...
CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...
CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...
CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...