Directus@9.0.0 Security Vulnerabilities and Issues — Directus@9.0.0 CVE List

Lucene search

RangerstudioDirectus9.0.0

3 matches found

CVE•added 2022/06/22 4:15 p.m.•75 views

CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

5CVSS5.4AI score0.0017EPSS

CVE•added 2022/01/10 4:15 p.m.•49 views

CVE-2022-22117

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens...

5.4CVSS5.1AI score0.00206EPSS

CVE•added 2022/01/10 4:15 p.m.•47 views

CVE-2022-22116

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image...

5.4CVSS5.2AI score0.00206EPSS