CVE-2021-26595

Source
https://cve.org/CVERecord?id=CVE-2021-26595
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26595.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-26595
Published
2021-02-23T19:15:13.853Z
Modified
2026-04-10T04:31:18.979318Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by viewing the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Git / github.com/directus/directus

Affected ranges

Type
GIT
Repo
https://github.com/directus/directus
Events
Database specific
{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.8.1"
        }
    ]
}

Affected versions

v8.*
v8.0.0
v8.0.1
v8.0.2
v8.1.0
v8.2.0
v8.3.0
v8.3.1
v8.4.0
v8.5.0
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.6.0
v8.6.1
v8.6.2
v8.7.0
v8.7.1
v8.7.2
v8.8.0
v8.8.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26595.json"