CVE-2019-13984

Published July 19th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.

directus/v8-archive

Directus Database API — Wraps Custom SQL Databases with a REST/GraphQL API

GitHub

512