GHSA-5h75-pvq4-82c9

Source

https://github.com/advisories/GHSA-5h75-pvq4-82c9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-5h75-pvq4-82c9/GHSA-5h75-pvq4-82c9.json

Aliases

• CVE-2022-23080

Published

2022-06-23T00:00:33Z

Modified

2023-11-08T04:08:16.216901Z

Details

Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-23080
• https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83
• https://github.com/directus/directus
• https://www.mend.io/vulnerability-database/CVE-2022-23080