@directus/api vulnerabilities

Directus is a real-time API and App dashboard for managing SQL database content

29.1.1

2 years ago

12 days ago

Known vulnerabilities in the @directus/api package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
C External Control of File Name or Path	*
M Improper Authorization	<28.0.0
M Exposure of Sensitive System Information to an Unauthorized Control Sphere	<28.0.0
M Improper Removal of Sensitive Information Before Storage or Transfer	<28.0.0
M Insertion of Sensitive Information into Log File	>=27.0.0 <28.0.0
H Uninitialized Memory Exposure	<25.0.0
M Operation on a Resource after Expiration or Release	>=18.0.0 <25.0.0
M Information Exposure	<25.0.0
M Allocation of Resources Without Limits or Throttling	<25.0.0
M Allocation of Resources Without Limits or Throttling	<25.0.0
M Incorrect Authorization	>=22.0.0 <23.1.0
M Improper Privilege Management	<23.1.1
H Information Exposure	>=22.2.0 <23.2.0
M Insertion of Sensitive Information into Log File	<21.0.0
M Server-side Request Forgery (SSRF)	<21.0.0>=22.0.0 <22.1.1
M Session Fixation	<21.0.1>=22.0.0 <22.2.0

87 VERSIONS IN TOTAL