CVE-2023-27481
- EPSS 0.29%
- Published 07.03.2023 19:15:12
- Last modified 21.11.2024 07:52:59
Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functio...
CVE-2023-26492
- EPSS 0.08%
- Published 03.03.2023 22:15:09
- Last modified 21.11.2024 07:51:37
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the securit...
CVE-2022-26969
- EPSS 0.91%
- Published 26.12.2022 06:15:10
- Last modified 14.04.2025 15:15:17
In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.
CVE-2022-36031
- EPSS 0.26%
- Published 19.08.2022 21:15:08
- Last modified 21.11.2024 07:12:13
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. Th...