directus@10.10.6 vulnerabilities
Directus is a real-time API and App dashboard for managing SQL database content
- latest version: 11.2.1
- first published: 4 years ago
- latest version published: 10 days ago
- licenses detected: >=10.0.0
Direct Vulnerabilities
Known vulnerabilities in the directus package. This does not include vulnerabilities belonging to this package's dependencies. Every entry below includes 10.10.6 in its vulnerable range. Upgrading to 10.13.2 or later covers the six entries that have a fixed version; the two entries listed with no fixed version (the second authorization bypass and the stored cross-site scripting) remain open after that upgrade.
Vulnerability: Authorization Bypass Through User-Controlled Key
Vulnerable version: <10.13.2
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the
How to fix: upgrade directus to version 10.13.2 or higher.

Vulnerability: Authorization Bypass Through User-Controlled Key
Vulnerable version: * (all versions)
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the
Note: when chained with CVE-2024-6533, it could result in account takeover.
How to fix: there is no fixed version for directus.

Vulnerability: Cross-site Scripting (XSS)
Vulnerable version: * (all versions)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via an attacker-controlled parameter that is stored on the server and subsequently used unsanitized in a DOM element. An attacker can execute arbitrary JavaScript on the client by injecting malicious code into this parameter.
Note: when chained with CVE-2024-6534, it could result in account takeover.
How to fix: there is no fixed version for directus.

Vulnerability: Information Exposure
Vulnerable version: >=10.0.0 <10.13.0
Affected versions of this package are vulnerable to Information Exposure due to the error handling mechanism when integrating SSO with local authentication. An attacker can determine whether a user is registered with an SSO provider by attempting to authenticate with an email that is already linked to an SSO account, which triggers a specific error message.
How to fix: upgrade directus to version 10.13.0 or higher.

Vulnerability: Resource Exhaustion
Vulnerable version: <10.12.0
Affected versions of this package are vulnerable to Resource Exhaustion through the
How to fix: upgrade directus to version 10.12.0 or higher.

Vulnerability: Improper Check for Unusual or Exceptional Conditions
Vulnerable version: <10.11.2
Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the random string generation utility. An attacker can disrupt the service by providing a non-numeric length value, which leads to a memory issue that prevents the generation of random strings, affecting session refresh capabilities.
How to fix: upgrade directus to version 10.11.2 or higher.

Vulnerability: Information Exposure
Vulnerable version: <10.11.0
Affected versions of this package are vulnerable to Information Exposure through the
Note: this is only exploitable if the user has permissions to view any collection using redacted hashed fields.
Steps to reproduce: to confirm this vulnerability, visit
How to fix: upgrade directus to version 10.11.0 or higher.

Vulnerability: Insufficient Session Expiration
Vulnerable version: >=10.10.0 <10.11.0
Affected versions of this package are vulnerable to Insufficient Session Expiration due to the improper handling of session tokens during logout. An attacker can maintain access using a captured session token by exploiting this behavior.
Notes: the lack of proper session expiration may improve the likely success of certain attacks. Incorrect token invalidation could allow an attacker to use the browser's history to access a Directus instance session previously accessed by the victim.
Steps to reproduce:
How to fix: upgrade directus to version 10.11.0 or higher.