CVE-2024-39699Server-Side Request Forgery in Directus

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 75.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
DirectusMonospace DirectusDirectus API
Timeline
PublishedJul 8

Description

Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address. However it is possible to bypass this security measure and execute a SSRF using redirects. Directus allows redirects when importing file from the URL and does not check the result URL. Thus, it is possible to execute a request to an internal IP, for exam

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages3 packages

npmdirectus/api< 17.1.0
CVEListV5directus/directus< 10.9.3
NVDmonospace/directus< 10.9.3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
Directus Blind SSRF On File Import2024-07-08
OSV
Directus Blind SSRF On File Import2024-07-08