6.5

CVE-2023-45820

Exploit

EPSS 0.69%
Veröffentlicht 19.10.2023 19:15:15
Zuletzt bearbeitet 21.11.2024 08:27:25
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Directus crashes on invalid WebSocket message

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Monospace ≫ Directus SwPlatformnode.js Version >= 10.4.0 < 10.6.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.478

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb

Patch

https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-45820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45820

EUVD