GHSA-5h75-pvq4-82c9

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-5h75-pvq4-82c9/GHSA-5h75-pvq4-82c9.json
Aliases
  • CVE-2022-23080
Published
2022-06-23T00:00:33Z
Modified
2022-06-23T17:49:22Z
Details

Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans.

References

Affected packages

npm / directus

directus

Affected ranges

Type
SEMVER
Events
Introduced
9.0.0-beta.2
Fixed
9.7.0

Affected versions