Описание
Server-Side Request Forgery in Directus
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans.
Пакеты
Наименование
directus
npm
Затронутые версииВерсия исправления
>= 9.0.0-beta.2, < 9.7.0
9.7.0
Связанные уязвимости
CVSS3: 5
nvd
больше 3 лет назад
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.