CVE-2022-23080

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23080
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23080.json
Aliases
Published
2022-06-22T16:15:07Z
Modified
2023-11-29T09:27:24.941608Z
Details

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

References

Affected packages

Git / github.com/directus/directus

Affected ranges

Type
GIT
Repo
https://github.com/directus/directus
Events
Fixed
6da3f1ed5034115b1da00440008351bf0d808d83
Introduced
ba72d2cfd040f7f0db282ccac006f36df6f05058

Affected versions

v9.*

v9.0.1
v9.1.0
v9.1.1
v9.1.2
v9.2.0
v9.2.1
v9.2.2
v9.3.0
v9.4.0
v9.4.1
v9.4.2
v9.4.3
v9.5.0
v9.5.1
v9.5.2
v9.6.0