directus/v8-archive

directus/v8-archive

docs.directus.io

Releases77

Frequency1 week 3 days

Last Release almost 6 years ago

Stars512

Directus Database API — Wraps Custom SQL Databases with a REST/GraphQL API

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-19850 ↗	Apr 4, 2023Tuesday, 4 April 2023, 15:15	6.5 MEDIUM	—
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests.
CVE-2019-13979 ↗	Jul 19, 2019Friday, 19 July 2019, 15:15	—	6.8 MEDIUM
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
CVE-2019-13980 ↗	Jul 19, 2019Friday, 19 July 2019, 15:15	—	6.8 MEDIUM
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
CVE-2019-13981 ↗	Jul 19, 2019Friday, 19 July 2019, 15:15	—	5 MEDIUM
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.
CVE-2019-13983 ↗	Jul 19, 2019Friday, 19 July 2019, 15:15	—	5 MEDIUM
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.
CVE-2019-13984 ↗	Jul 19, 2019Friday, 19 July 2019, 15:15	—	6.8 MEDIUM
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.