目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

Directus 产品漏洞列表 / CVE 中文分析 59

Directus 产品相关 59 条漏洞,AI 中文标题与摘要、CVSS、POC 一站汇总。

Directus 是一款开源数据平台,本页面聚合了与其相关的各类安全漏洞信息。收录内容涵盖身份认证绕过、权限提升及注入攻击等高风险弱点,时间范围从早期版本至今的全部公开记录。通过此页面,您可以快速追踪 Directus 官方发布的安全公告,深入理解特定类型的安全缺陷机制,并便捷检索该产品历史上的所有漏洞详情。这有助于开发者和运维人员及时掌握潜在风险,评估现有系统受影响程度,从而采取针对性的修复措施以保障数据平台的安全稳定运行。

ベンダー: directus

CVE IDタイトルCVSS深刻度公開日
CVE-2024-54151 Directus allows unauthenticated access to WebSocket events and operations CWE-200 7.5 High2024-12-09
CVE-2024-54128 Directus has an HTML Injection in Comment CWE-80 5.7 Medium2024-12-05
CVE-2024-47822 Directus inserts access token from query string into logs CWE-532 4.2 Medium2024-10-08
CVE-2024-46990 SSRF Loopback IP filter bypass in directus CWE-284 5.0 Medium2024-09-18
CVE-2024-45596 Directus's session is cached for OpenID and OAuth2 if `redirect` is not used CWE-524 7.4 High2024-09-10
CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets CWE-639 4.3 Medium2024-08-15
CVE-2024-6533 Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options CWE-79 5.4 Medium2024-08-15
CVE-2024-39896 Directus allows SSO User Enumeration CWE-200 7.5 High2024-07-08
CVE-2024-39895 Directus GraphQL Field Duplication Denial of Service (DoS) CWE-400 6.5 Medium2024-07-08
CVE-2024-39701 Directus Incorrectly handles _in` filter CWE-284 6.3 Medium2024-07-08
CVE-2024-39699 Directus has a Blind SSRF On File Import CWE-918 5.0 Medium2024-07-08
CVE-2024-36128 Directus is soft-locked by providing a string value to random string util CWE-754 7.5 High2024-06-03
CVE-2024-34709 Directus Lacks Session Tokens Invalidation CWE-613 5.4 Medium2024-05-13
CVE-2024-34708 Directus allows redacted data extraction on the API through "alias" CWE-200 4.9 Medium2024-05-13
CVE-2024-28238 Session Token in URL in directus CWE-200 2.3 Low2024-03-12
CVE-2024-28239 URL Redirection to Untrusted Site in OAuth2/OpenID in directus CWE-601 5.4 Medium2024-03-12
CVE-2024-27296 Directus version number disclosure CWE-200 5.3 Medium2024-03-01
CVE-2024-27295 Directus MySQL accent insensitive email matching CWE-706 8.2 High2024-03-01
CVE-2023-45820 Directus crashes on invalid WebSocket message CWE-755 5.9 Medium2023-10-19
CVE-2023-38503 Directus has Incorrect Permission Checking for GraphQL Subscriptions CWE-200 5.7 Medium2023-07-25
CVE-2023-28443 directus vulnerable to Insertion of Sensitive Information into Log File CWE-532 4.2 Medium2023-03-23
CVE-2023-27481 Extract password hashes through export querying in directus CWE-200 4.3 Medium2023-03-07
CVE-2023-27474 HTML Injection in Password Reset email to custom Reset URL in directus CWE-79 8.0 High2023-03-06
CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import CWE-918 5.0 Medium2023-03-03
CVE-2022-36031 Unhandled exception on illegal filename_disk value CWE-755 6.5 Medium2022-08-19
CVE-2022-23080 directus - SSRF which leads to internal port scan CWE-918 5.0 -2022-06-22
CVE-2022-24814 Cross-site Scripting in Directus CWE-79 8.8 High2022-04-04
CVE-2022-22117 Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image CWE-79 5.4 Medium2022-01-10
CVE-2022-22116 Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload CWE-79 5.4 Medium2022-01-10

Directus 产品累计公开 59 条 CVE 漏洞,本页提供按时间倒序的完整列表,包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。