In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.
Metrics
Affected Vendors & Products
Configuration 1 [-]
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-5940 | In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans. |
 Github GHSA |
GHSA-5h75-pvq4-82c9 | Server-Side Request Forgery in Directus |
Fixes
Solution
Update version to v9.7.0 or later
Workaround
No workaround given by the vendor.
References
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Mend
Published:
Updated: 2024-09-17T02:22:06.874Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-23080
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-22T16:15:07.930
Modified: 2024-11-21T06:47:56.363
Link: CVE-2022-23080
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses