directus@9.23.4 vulnerabilities
Directus is a real-time API and App dashboard for managing SQL database content
- latest version: 10.10.7
- latest non vulnerable version:
- first published: 4 years ago
- latest version published: 15 days ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the directus package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version | How to fix
---|---|---
URL Redirection to Untrusted Site ('Open Redirect'). Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') via the | <10.10.0 | Upgrade
Information Exposure Through Sent Data. Affected versions of this package are vulnerable to Information Exposure Through Sent Data via the process of reaching the | <10.10.0 | Upgrade
Always-Incorrect Control Flow Implementation. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the password reset mechanism implementation combined with default database configurations in MySQL and MariaDB. This allows attackers in possession of a known good email address to redirect a password reset email intended for a victim by registering a similar email address with alternative characters that the database engine considers equivalent to the characters in the stored email address. The API uses the supplied email address for sending the reset password mail instead of the email address from the database. | <10.8.3 | Upgrade
Exposure of Sensitive Information Through Metadata. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the form of the version number, which is included in compiled JS bundles that are accessible without authentication. | <10.8.3 | Upgrade