11.3.5
4 years ago
2 days ago
Known vulnerabilities in the directus package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Note: When chained with CVE-2024-6533, it could result in account takeover. How to fix Authorization Bypass Through User-Controlled Key? There is no fixed version for | * |
directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via an attacker-controlled parameter that is stored on the server and subsequently used unsanitized in a DOM element. An attacker can execute arbitrary JavaScript on the client by injecting malicious code into this parameter. Note: When chained with CVE-2024-6534, it could result in account takeover. How to fix Cross-site Scripting (XSS)? There is no fixed version for | * |