Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2022-04-04 18:15

Modified

2024-11-21 06:51

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ "media_live_embeds": false }` to the _Options Overrides_ option of the Rich Text HTML interface.

References

URL	Tags
security-advisories@github.com	https://github.com/directus/directus/pull/12020	Issue Tracking, Patch, Third Party Advisory
security-advisories@github.com	https://github.com/directus/directus/releases/tag/v9.7.0	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/pull/12020	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/releases/tag/v9.7.0	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84	Mitigation, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "184298D9-4DB6-48A2-9A26-639913C4C9D3",
              "versionEndExcluding": "9.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ \"media_live_embeds\": false }` to the _Options Overrides_ option of the Rich Text HTML interface."
    },
    {
      "lang": "es",
      "value": "Directus es una API y un panel de control de aplicaciones en tiempo real para administrar el contenido de las bases de datos SQL. En versiones anteriores a 9.7.0, pod\u00eda ejecutarse JavaScript (JS) no autorizado mediante la inserci\u00f3n de un iframe en la interfaz html de texto enriquecido que enlaza con un archivo HTML cargado que carga otro archivo JS cargado en su etiqueta de script. Esto satisface el encabezado de la pol\u00edtica de seguridad de contenido regular, que a su vez permite que el archivo ejecute cualquier JS arbitrario. Este problema fue resuelto en versi\u00f3n 9.7.0. Como medida de mitigaci\u00f3n, deshabilite la inserci\u00f3n en vivo en \"what-you-see-is-what-you-get\" al a\u00f1adir \"{ \"media_live_embeds\": false }\" a la opci\u00f3n _Options Overrides_ de la interfaz HTML de Texto Enriquecido"
    }
  ],
  "id": "CVE-2022-24814",
  "lastModified": "2024-11-21T06:51:09.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-04T18:15:08.057",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/pull/12020"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/releases/tag/v9.7.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/pull/12020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/releases/tag/v9.7.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-23 19:15

Modified

2024-11-21 05:56

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	cve@mitre.org	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1339B0-4DEA-4F71-91CA-7C53B889867B",
              "versionEndIncluding": "8.8.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
    },
    {
      "lang": "es",
      "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** En Directus versiones 8.xa hasta 8.8.1, un atacante puede visualizar a todos los usuarios en el CMS usando la API /users/{id}.\u0026#xa0;Para cada llamada, obtienen en respuesta una gran cantidad de informaci\u00f3n sobre el usuario (tal y como la direcci\u00f3n de correo electr\u00f3nico, el nombre y el apellido), pero tambi\u00e9n el secreto de 2FA si existe.\u0026#xa0;Este secreto puede ser regenerado.\u0026#xa0;NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"
    }
  ],
  "id": "CVE-2021-26593",
  "lastModified": "2024-11-21T05:56:32.617",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-23T19:15:13.713",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-05-05 22:29

Modified

2024-11-21 03:41

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.

References

▼	URL	Tags
	cve@mitre.org	https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	6.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:6.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3408874B-CC78-41E4-AF61-24562BF4CF8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql."
    },
    {
      "lang": "es",
      "value": "Directus 6.4.9 tiene una contrase\u00f1a de administrador embebida para la cuenta Admin debido a una instrucci\u00f3n INSERT en api/schema.sql."
    }
  ],
  "id": "CVE-2018-10723",
  "lastModified": "2024-11-21T03:41:55.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-05T22:29:00.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-23 19:15

Modified

2024-11-21 05:56

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	cve@mitre.org	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1339B0-4DEA-4F71-91CA-7C53B889867B",
              "versionEndIncluding": "8.8.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
    },
    {
      "lang": "es",
      "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** En Directus versiones 8.xa hasta 8.8.1, un atacante puede aprender informaci\u00f3n confidencial tal y como la versi\u00f3n del CMS, la versi\u00f3n de PHP utilizada por el sitio y el nombre del DBMS, simplemente al visualizar el resultado de la api-aa, llamado autom\u00e1ticamente en una conexi\u00f3n.\u0026#xa0;NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"
    }
  ],
  "id": "CVE-2021-26595",
  "lastModified": "2024-11-21T05:56:32.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-23T19:15:13.853",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-03-06 17:15

Modified

2024-11-21 07:52

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround.

References

URL	Tags
security-advisories@github.com	https://github.com/directus/directus/issues/17119	Issue Tracking, Mailing List, Third Party Advisory
security-advisories@github.com	https://github.com/directus/directus/pull/17120	Patch
security-advisories@github.com	https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/issues/17119	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/pull/17120	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5ECBFC-CE32-46AA-AD02-04D5C9C78DA9",
              "versionEndExcluding": "9.23.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround."
    }
  ],
  "id": "CVE-2023-27474",
  "lastModified": "2024-11-21T07:52:58.600",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-06T17:15:10.740",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/issues/17119"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/directus/directus/pull/17120"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/issues/17119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/directus/directus/pull/17120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-07 22:15

Modified

2024-11-21 06:01

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Apr/14	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore	Third Party Advisory
cve@mitre.org	https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/	Exploit, Third Party Advisory
cve@mitre.org	https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Apr/14	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C32EC9-72A3-4EF5-B67C-461B26AE84EB",
              "versionEndExcluding": "8.8.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com)."
    },
    {
      "lang": "es",
      "value": "Directus 8 versiones anteriores a 8.8.2, permite a los usuarios autenticados remotamente ejecutar c\u00f3digo arbitrario porque los permisos de carga de archivos incluyen la capacidad de cargar un archivo .php en el directorio de carga principal y/o cargar un archivo .php y un archivo .htaccess en un subdirectorio.\u0026#xa0;La explotaci\u00f3n tiene \u00e9xito solo para ciertas instalaciones con el servidor HTTP Apache y el controlador de almacenamiento local (por ejemplo, cuando el producto se obtuvo de hub.docker.com)"
    }
  ],
  "id": "CVE-2021-29641",
  "lastModified": "2024-11-21T06:01:32.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-07T22:15:14.973",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-10 16:15

Modified

2024-11-21 06:46

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered.

References

URL	Tags
vulnerabilitylab@mend.io	https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	Patch, Third Party Advisory
vulnerabilitylab@mend.io	https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
rangerstudio	directus	*
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5B65F4-5470-449C-A32F-EB2D8E367E39",
              "versionEndIncluding": "9.4.1",
              "versionStartIncluding": "9.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "93B8E89D-339F-46C7-B425-94EB4F67E85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha10:*:*:*:*:*:*",
              "matchCriteriaId": "55EB6511-9A3C-4047-9777-D1B81C7A2817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha11:*:*:*:*:*:*",
              "matchCriteriaId": "991728C9-FFE0-4B8C-ADA3-4D0FEDBB27FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha12:*:*:*:*:*:*",
              "matchCriteriaId": "CEB212D4-D004-485C-9440-A4C2CD3DE761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha13:*:*:*:*:*:*",
              "matchCriteriaId": "4EDCF08A-E376-483D-BB4D-FAC2BE15D0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha14:*:*:*:*:*:*",
              "matchCriteriaId": "B09C31B4-C30D-4DE2-A946-83D17333C4FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha15:*:*:*:*:*:*",
              "matchCriteriaId": "6ABBA454-0423-4C8D-A3D7-BF40DFE46C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha16:*:*:*:*:*:*",
              "matchCriteriaId": "5D18FA6B-3DB7-4CC1-B65A-2936F5CBC786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha17:*:*:*:*:*:*",
              "matchCriteriaId": "412A6CDE-1EEF-4023-A893-63B132D258D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha18:*:*:*:*:*:*",
              "matchCriteriaId": "EBD0C110-69C2-4A34-B01B-970DEFFA6F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha19:*:*:*:*:*:*",
              "matchCriteriaId": "31689A2D-DB6D-4B60-BE83-733505F5073D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha20:*:*:*:*:*:*",
              "matchCriteriaId": "C9CA67D0-2B89-4E3E-8246-824FF2E799B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha21:*:*:*:*:*:*",
              "matchCriteriaId": "AFA2267B-682B-49E3-993F-486662E69E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha22:*:*:*:*:*:*",
              "matchCriteriaId": "EEB3F886-A296-4654-A65B-2A051F18B59C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha23:*:*:*:*:*:*",
              "matchCriteriaId": "255393C9-B87B-4FD6-A0DC-0EB7DC0A17C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha24:*:*:*:*:*:*",
              "matchCriteriaId": "A4C8AA33-28B7-4D31-8C3E-95B4E08B63A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha25:*:*:*:*:*:*",
              "matchCriteriaId": "BDCF6BE6-3040-49AB-8110-D8A21EC3C9FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha26:*:*:*:*:*:*",
              "matchCriteriaId": "661030BB-57C6-4E10-8B9D-FB88E3CBCF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha27:*:*:*:*:*:*",
              "matchCriteriaId": "3293A560-0E41-4666-88D5-F21E4BE83A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha31:*:*:*:*:*:*",
              "matchCriteriaId": "6DBE590D-7D3B-4A4D-BD37-338C1B0E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha32:*:*:*:*:*:*",
              "matchCriteriaId": "D23295C8-B952-4FC5-8638-3C552012CAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha33:*:*:*:*:*:*",
              "matchCriteriaId": "C14C81A9-0B3A-4012-B67B-2DC3D6C61E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha34:*:*:*:*:*:*",
              "matchCriteriaId": "D53177AD-EE8C-46B1-B424-713609CFD89A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha35:*:*:*:*:*:*",
              "matchCriteriaId": "EEC87C06-6166-4A8C-B42E-E1AB1C772856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha36:*:*:*:*:*:*",
              "matchCriteriaId": "36E6D59B-F31C-4A39-913C-0BA2F312D60E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha37:*:*:*:*:*:*",
              "matchCriteriaId": "3B5DFB5B-6B4D-4E5F-B008-7E7D665F3B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha38:*:*:*:*:*:*",
              "matchCriteriaId": "9990CD23-1DC5-4376-8BE1-147BBEBF6B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha39:*:*:*:*:*:*",
              "matchCriteriaId": "22A50CB3-C3C5-48DB-925A-58543DB749A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "83673538-623A-41AF-B6C4-E409FDF04AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha40:*:*:*:*:*:*",
              "matchCriteriaId": "4BF56F69-DFE1-4D2B-B9E2-42DFD0B40A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha41:*:*:*:*:*:*",
              "matchCriteriaId": "9C10C163-C0B3-4BCA-BCEE-DBDBA2C714D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha42:*:*:*:*:*:*",
              "matchCriteriaId": "5133759B-6F2A-422B-BCA9-D5665C3F8388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "210E0FC0-D30C-4931-B913-53B4E14A164A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "AA462266-3F3F-4400-A5E1-3A426978EB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7C20A-89BE-4CFB-B89F-3FD0708C973B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha8:*:*:*:*:*:*",
              "matchCriteriaId": "E589B388-842A-4145-972F-764C78662BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha9:*:*:*:*:*:*",
              "matchCriteriaId": "5C3F13DB-B66C-41C9-BB51-6EF7ACD6E6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta0:*:*:*:*:*:*",
              "matchCriteriaId": "7BD6203E-2AA9-4558-82D6-001C8237230A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A34C9EE7-3FD3-4795-A20B-42A65880BF12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "E7E685D8-87F3-4644-82F7-5011906D664C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "371A1F14-0E57-4D03-8CCF-1E04CF579363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "3EBB9F0B-469B-46D4-8DF5-3CB0D26C35AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta13:*:*:*:*:*:*",
              "matchCriteriaId": "7C687D37-2FAA-4F39-BADA-AD4A8B02C11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta14:*:*:*:*:*:*",
              "matchCriteriaId": "9906A21C-6823-4D7C-A6B9-276DC4929ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D17628E7-A69E-4395-A790-1C43F59FB79E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "D0801D3E-87B1-4842-A891-23F73146326A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "A019A0FA-C01D-488B-9C27-38EAD43C4576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "57CFB169-BB99-480A-8DB8-5932E72195EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "E7488FF7-E4F9-4126-A3E0-1560C076A486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "3F3A5903-A198-4E1C-B32C-41F9F5F8FE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "2518A8FD-B71B-48EE-BB4F-4B129D5F57FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "51CD9570-2DEA-4572-9222-FCA4049A229D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8DB07786-FA7B-4941-9105-26B9DC2D82F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "45B70DCE-B860-4E6C-BC1F-A89BD79FD9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc100:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA556-4524-45EA-80E2-2D4996CC58EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc101:*:*:*:*:*:*",
              "matchCriteriaId": "42798D07-F87B-4DC5-85DC-97C19EE5F927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc11:*:*:*:*:*:*",
              "matchCriteriaId": "45553C55-AEE8-42E2-9A81-C850FD05C3AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc12:*:*:*:*:*:*",
              "matchCriteriaId": "EE381727-3D96-43CD-B07B-E653D4B46677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc13:*:*:*:*:*:*",
              "matchCriteriaId": "95CF72D0-C742-45DD-AFBB-1619EFBFE7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc14:*:*:*:*:*:*",
              "matchCriteriaId": "B14236FE-AC54-4B9E-B8A4-D23146B073AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc15:*:*:*:*:*:*",
              "matchCriteriaId": "BF790178-8A0C-4AEB-9495-E176018F2245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc17:*:*:*:*:*:*",
              "matchCriteriaId": "403E4722-9794-4EDF-8D46-41CB7B24787E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc18:*:*:*:*:*:*",
              "matchCriteriaId": "F9C899B5-C6BB-4664-B670-D5EAE2732B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc19:*:*:*:*:*:*",
              "matchCriteriaId": "8A41F3AE-7969-40EF-845E-FD06DC014B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BB9329F2-4A79-44AA-9F76-C9C2467C3519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc20:*:*:*:*:*:*",
              "matchCriteriaId": "D763F244-F5B7-4090-9B55-4DE94DFC5729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc21:*:*:*:*:*:*",
              "matchCriteriaId": "495DC6E5-C67E-4F5D-8B83-743DC0A75730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc22:*:*:*:*:*:*",
              "matchCriteriaId": "2EEAFB71-E5AB-4153-BFC0-EBF32D7F9EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc23:*:*:*:*:*:*",
              "matchCriteriaId": "DA1A5E4E-D311-4A57-B86B-AF766235A475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc24:*:*:*:*:*:*",
              "matchCriteriaId": "ACDF5EC1-3FDB-4CBF-937F-654F9AF95945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc25:*:*:*:*:*:*",
              "matchCriteriaId": "35606AF8-C3F0-4FEA-B54D-CB966824308C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc26:*:*:*:*:*:*",
              "matchCriteriaId": "F91D03A0-7DB7-4257-9415-C0D87BA2AAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc27:*:*:*:*:*:*",
              "matchCriteriaId": "8D05BF28-4806-4D82-843C-FA1B8CED74D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc28:*:*:*:*:*:*",
              "matchCriteriaId": "8FF35B3D-2CFA-4810-9E15-470EA887D9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc29:*:*:*:*:*:*",
              "matchCriteriaId": "0F283221-95BD-4A8E-8865-8AE1399F5876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "55EEE789-67DB-47D9-892B-1340963E7927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc30:*:*:*:*:*:*",
              "matchCriteriaId": "89FFD654-9CA8-4CA3-981A-F0F76EB0F521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc31:*:*:*:*:*:*",
              "matchCriteriaId": "A0350F49-CC16-4426-ADCD-7CD4254B6FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc32:*:*:*:*:*:*",
              "matchCriteriaId": "CBED485C-5A6F-430A-82CD-8E4920B93FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc33:*:*:*:*:*:*",
              "matchCriteriaId": "F48FE4FF-8245-4844-99F1-A4F813622A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc34:*:*:*:*:*:*",
              "matchCriteriaId": "ADCBE2AF-442F-47C7-98AA-D9AFDF2DB67F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc35:*:*:*:*:*:*",
              "matchCriteriaId": "481219B2-3B23-4587-8674-D79ADB187EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc36:*:*:*:*:*:*",
              "matchCriteriaId": "254199A7-0054-4CAF-A2A9-E8775B1BC023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc37:*:*:*:*:*:*",
              "matchCriteriaId": "8125A4F8-2574-49FE-990A-D285E9040D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc38:*:*:*:*:*:*",
              "matchCriteriaId": "DA41810F-739D-4134-85B2-4C6FD30EEFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc39:*:*:*:*:*:*",
              "matchCriteriaId": "04CF572B-5E1F-4F25-8914-37EC89EB8B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DAD8E2AF-951F-48EF-90CF-24A5FEB32D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc40:*:*:*:*:*:*",
              "matchCriteriaId": "85665B14-3D55-4156-9D36-BBEAB8A092A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc41:*:*:*:*:*:*",
              "matchCriteriaId": "4D8677D7-5B12-43D7-9227-5D2631EA3A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc42:*:*:*:*:*:*",
              "matchCriteriaId": "CBAEBC81-BA6F-4EE1-B1C8-4BF7078DA100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc43:*:*:*:*:*:*",
              "matchCriteriaId": "7488DBEF-3F63-4E82-AB77-AF3CB6B14430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc44:*:*:*:*:*:*",
              "matchCriteriaId": "5165C27C-CDE8-43A1-80E6-147D37183299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc45:*:*:*:*:*:*",
              "matchCriteriaId": "E5B5898D-FC53-4D07-A5DC-082BA4D8C987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc46:*:*:*:*:*:*",
              "matchCriteriaId": "7E0E801F-EC32-4C08-A627-79D731BC2825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc47:*:*:*:*:*:*",
              "matchCriteriaId": "DE607124-F29B-436D-976E-DFBEA5EDBF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc48:*:*:*:*:*:*",
              "matchCriteriaId": "52E3E8EC-631A-457E-BC07-ED15E915D24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc49:*:*:*:*:*:*",
              "matchCriteriaId": "1FDC5AAF-EDDF-4526-AEE9-69EC661BFB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "53019FA4-DA26-4CFF-A0C4-E57707435E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc50:*:*:*:*:*:*",
              "matchCriteriaId": "981CE199-DC89-4CB7-8FB1-1E552F396DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc51:*:*:*:*:*:*",
              "matchCriteriaId": "A62D4B24-C873-4138-A4E9-6B8EBCA3E981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc52:*:*:*:*:*:*",
              "matchCriteriaId": "A515AD50-3ECF-4587-8AD5-5D0E2A768A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc53:*:*:*:*:*:*",
              "matchCriteriaId": "9C8501C3-2191-42E8-9620-741F74CE2F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc54:*:*:*:*:*:*",
              "matchCriteriaId": "1E3213CC-91B6-4E7E-9629-A4C565531B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc55:*:*:*:*:*:*",
              "matchCriteriaId": "B1219C97-9DAA-4791-9D18-64D095938434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc56:*:*:*:*:*:*",
              "matchCriteriaId": "DFC78640-A1BA-4DB0-B9AF-E34DD95171DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc57:*:*:*:*:*:*",
              "matchCriteriaId": "2CA01771-E27C-4CB0-8E0B-1CB71A59F6AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc58:*:*:*:*:*:*",
              "matchCriteriaId": "506FE0BF-D988-44A4-A272-3544024A2E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc59:*:*:*:*:*:*",
              "matchCriteriaId": "7DA43EE9-7412-48CA-B1E7-619AA116D427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "3641DB8D-BE6E-4BF5-8EBC-52C50F0A850A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc60:*:*:*:*:*:*",
              "matchCriteriaId": "38360D89-4A8C-4909-BB77-AACA5D8BF048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc61:*:*:*:*:*:*",
              "matchCriteriaId": "0824EEC4-AFDE-4E8E-B27C-34AA042539C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc62:*:*:*:*:*:*",
              "matchCriteriaId": "F9C2CE70-41EF-47C5-9715-E42D9A4CA345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc63:*:*:*:*:*:*",
              "matchCriteriaId": "C7F3C217-E79A-4BE2-AC4B-3E280CF1162B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc64:*:*:*:*:*:*",
              "matchCriteriaId": "FEAF4A6A-DF67-4C38-B968-8391BA3B027C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc65:*:*:*:*:*:*",
              "matchCriteriaId": "45282628-8F29-4BD0-B4FF-3ECD04DC4584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc66:*:*:*:*:*:*",
              "matchCriteriaId": "BAC07857-306F-4DF7-B586-330A51F86E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc67:*:*:*:*:*:*",
              "matchCriteriaId": "D580D844-A230-4D05-AA9B-1B8F785771CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc68:*:*:*:*:*:*",
              "matchCriteriaId": "AD33F536-BCD9-4205-ABB6-1748F1C04C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc69:*:*:*:*:*:*",
              "matchCriteriaId": "1EC607B1-7205-4C97-B18C-F792F919EB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "DECC37DB-7DBC-490E-BB4D-F358B8BE04F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc70:*:*:*:*:*:*",
              "matchCriteriaId": "76050C92-5441-48AD-A662-AF90CD51A093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc71:*:*:*:*:*:*",
              "matchCriteriaId": "C60BB748-6DB3-40D6-A2FD-725D38B4D717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc72:*:*:*:*:*:*",
              "matchCriteriaId": "10B17B25-3D29-4066-B315-BA5F5D08216F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc73:*:*:*:*:*:*",
              "matchCriteriaId": "C919D78E-8231-4452-BE4B-56F1D7A53745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc74:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DEC50-215A-478D-8A56-CC6896C32E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc75:*:*:*:*:*:*",
              "matchCriteriaId": "075076A9-5171-4F1F-B96E-2E1D4C6D7FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc76:*:*:*:*:*:*",
              "matchCriteriaId": "83BE0072-2296-46A0-86E2-1BB560F23172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc77:*:*:*:*:*:*",
              "matchCriteriaId": "3C4FEF13-459C-48FD-919D-921AA1DA1EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc78:*:*:*:*:*:*",
              "matchCriteriaId": "B5FD43BA-F42B-4B0A-9D0D-3284C5037766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc79:*:*:*:*:*:*",
              "matchCriteriaId": "B95BF825-ACD4-44DC-AAAD-1564C1EAF827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "CEE20367-CF2E-4954-ADE0-D56D2B6A0C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc80:*:*:*:*:*:*",
              "matchCriteriaId": "BA315D47-294C-434F-88E5-A099859C2AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc81:*:*:*:*:*:*",
              "matchCriteriaId": "17B7A29B-75D7-476D-A999-CDDF47DF363C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc82:*:*:*:*:*:*",
              "matchCriteriaId": "CC7498A4-7965-4895-AC92-AFBEDD68A81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc83:*:*:*:*:*:*",
              "matchCriteriaId": "1557399D-2549-42F3-8C0D-B35E25C38DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc84:*:*:*:*:*:*",
              "matchCriteriaId": "E322CBF0-61C0-419A-8513-FE25F511D259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc85:*:*:*:*:*:*",
              "matchCriteriaId": "936AD22D-438D-4500-B677-AFFD19CA0D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc86:*:*:*:*:*:*",
              "matchCriteriaId": "F1AF8FA3-E95F-499A-85C9-D053D5F9F755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc87:*:*:*:*:*:*",
              "matchCriteriaId": "BB3A9596-37F2-447A-8F93-B1E1F5E64D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc88:*:*:*:*:*:*",
              "matchCriteriaId": "104A83DA-82FB-4D6A-A544-ACECCD7EA866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc89:*:*:*:*:*:*",
              "matchCriteriaId": "DD39FDCA-986D-4DB4-8B39-59AACA80E248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "15693730-BABE-4703-8E15-1F42DE819913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc90:*:*:*:*:*:*",
              "matchCriteriaId": "D568E567-C1A1-4BB7-9FB2-9A7044F7360E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc91:*:*:*:*:*:*",
              "matchCriteriaId": "9E266EE8-578C-4991-8E53-1A5BEC8A004D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc92:*:*:*:*:*:*",
              "matchCriteriaId": "D75D7964-98EC-4A71-926B-B6500F852CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc93:*:*:*:*:*:*",
              "matchCriteriaId": "85B0990A-6EC6-44F5-AF3E-CB8C85B8F1AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc94:*:*:*:*:*:*",
              "matchCriteriaId": "4E1EC031-B15E-47A7-97BD-E86D38853F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc95:*:*:*:*:*:*",
              "matchCriteriaId": "614774B4-8A98-41F9-BB9B-603668FDCF36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc96:*:*:*:*:*:*",
              "matchCriteriaId": "1442884B-3A8E-4210-9BB2-F34FB37C2C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc97:*:*:*:*:*:*",
              "matchCriteriaId": "33003367-36D9-4709-B182-9B93615C6F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc98:*:*:*:*:*:*",
              "matchCriteriaId": "1B1C3267-3FBB-4D91-8320-89B07BC7291F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc99:*:*:*:*:*:*",
              "matchCriteriaId": "DCB32D41-1563-40D6-8A59-3E590E10F9B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered."
    },
    {
      "lang": "es",
      "value": "En Directus, versiones 9.0.0-alpha.4 hasta 9.4.1 permiten una carga sin restricciones de archivos .html en la funcionalidad media upload, lo que conlleva a una vulnerabilidad de tipo Cross-Site Scripting. Un atacante con pocos privilegios puede subir un archivo HTML dise\u00f1ado como un avatar de perfil, y cuando un administrador u otro usuario lo abre, la carga \u00fatil de tipo XSS es desencadenada"
    }
  ],
  "id": "CVE-2022-22117",
  "lastModified": "2024-11-21T06:46:13.127",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "vulnerabilitylab@mend.io",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-10T16:15:10.120",
  "references": [
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
    },
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"
    }
  ],
  "sourceIdentifier": "vulnerabilitylab@mend.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "vulnerabilitylab@mend.io",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-06-22 16:15

Modified

2024-11-21 06:47

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Summary

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

References

URL	Tags
vulnerabilitylab@mend.io	https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83	Patch, Third Party Advisory
vulnerabilitylab@mend.io	https://www.mend.io/vulnerability-database/CVE-2022-23080	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mend.io/vulnerability-database/CVE-2022-23080	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
rangerstudio	directus	*
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0C7131-B14D-416A-AB15-EE34B48CB4AB",
              "versionEndIncluding": "9.6.0",
              "versionStartIncluding": "9.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "E7E685D8-87F3-4644-82F7-5011906D664C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "371A1F14-0E57-4D03-8CCF-1E04CF579363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "3EBB9F0B-469B-46D4-8DF5-3CB0D26C35AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta13:*:*:*:*:*:*",
              "matchCriteriaId": "7C687D37-2FAA-4F39-BADA-AD4A8B02C11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta14:*:*:*:*:*:*",
              "matchCriteriaId": "9906A21C-6823-4D7C-A6B9-276DC4929ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D17628E7-A69E-4395-A790-1C43F59FB79E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "D0801D3E-87B1-4842-A891-23F73146326A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "A019A0FA-C01D-488B-9C27-38EAD43C4576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "57CFB169-BB99-480A-8DB8-5932E72195EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "E7488FF7-E4F9-4126-A3E0-1560C076A486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "3F3A5903-A198-4E1C-B32C-41F9F5F8FE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "2518A8FD-B71B-48EE-BB4F-4B129D5F57FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "51CD9570-2DEA-4572-9222-FCA4049A229D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8DB07786-FA7B-4941-9105-26B9DC2D82F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "45B70DCE-B860-4E6C-BC1F-A89BD79FD9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc100:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA556-4524-45EA-80E2-2D4996CC58EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc101:*:*:*:*:*:*",
              "matchCriteriaId": "42798D07-F87B-4DC5-85DC-97C19EE5F927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc11:*:*:*:*:*:*",
              "matchCriteriaId": "45553C55-AEE8-42E2-9A81-C850FD05C3AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc12:*:*:*:*:*:*",
              "matchCriteriaId": "EE381727-3D96-43CD-B07B-E653D4B46677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc13:*:*:*:*:*:*",
              "matchCriteriaId": "95CF72D0-C742-45DD-AFBB-1619EFBFE7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc14:*:*:*:*:*:*",
              "matchCriteriaId": "B14236FE-AC54-4B9E-B8A4-D23146B073AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc15:*:*:*:*:*:*",
              "matchCriteriaId": "BF790178-8A0C-4AEB-9495-E176018F2245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc17:*:*:*:*:*:*",
              "matchCriteriaId": "403E4722-9794-4EDF-8D46-41CB7B24787E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc18:*:*:*:*:*:*",
              "matchCriteriaId": "F9C899B5-C6BB-4664-B670-D5EAE2732B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc19:*:*:*:*:*:*",
              "matchCriteriaId": "8A41F3AE-7969-40EF-845E-FD06DC014B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BB9329F2-4A79-44AA-9F76-C9C2467C3519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc20:*:*:*:*:*:*",
              "matchCriteriaId": "D763F244-F5B7-4090-9B55-4DE94DFC5729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc21:*:*:*:*:*:*",
              "matchCriteriaId": "495DC6E5-C67E-4F5D-8B83-743DC0A75730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc22:*:*:*:*:*:*",
              "matchCriteriaId": "2EEAFB71-E5AB-4153-BFC0-EBF32D7F9EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc23:*:*:*:*:*:*",
              "matchCriteriaId": "DA1A5E4E-D311-4A57-B86B-AF766235A475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc24:*:*:*:*:*:*",
              "matchCriteriaId": "ACDF5EC1-3FDB-4CBF-937F-654F9AF95945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc25:*:*:*:*:*:*",
              "matchCriteriaId": "35606AF8-C3F0-4FEA-B54D-CB966824308C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc26:*:*:*:*:*:*",
              "matchCriteriaId": "F91D03A0-7DB7-4257-9415-C0D87BA2AAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc27:*:*:*:*:*:*",
              "matchCriteriaId": "8D05BF28-4806-4D82-843C-FA1B8CED74D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc28:*:*:*:*:*:*",
              "matchCriteriaId": "8FF35B3D-2CFA-4810-9E15-470EA887D9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc29:*:*:*:*:*:*",
              "matchCriteriaId": "0F283221-95BD-4A8E-8865-8AE1399F5876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "55EEE789-67DB-47D9-892B-1340963E7927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc30:*:*:*:*:*:*",
              "matchCriteriaId": "89FFD654-9CA8-4CA3-981A-F0F76EB0F521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc31:*:*:*:*:*:*",
              "matchCriteriaId": "A0350F49-CC16-4426-ADCD-7CD4254B6FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc32:*:*:*:*:*:*",
              "matchCriteriaId": "CBED485C-5A6F-430A-82CD-8E4920B93FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc33:*:*:*:*:*:*",
              "matchCriteriaId": "F48FE4FF-8245-4844-99F1-A4F813622A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc34:*:*:*:*:*:*",
              "matchCriteriaId": "ADCBE2AF-442F-47C7-98AA-D9AFDF2DB67F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc35:*:*:*:*:*:*",
              "matchCriteriaId": "481219B2-3B23-4587-8674-D79ADB187EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc36:*:*:*:*:*:*",
              "matchCriteriaId": "254199A7-0054-4CAF-A2A9-E8775B1BC023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc37:*:*:*:*:*:*",
              "matchCriteriaId": "8125A4F8-2574-49FE-990A-D285E9040D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc38:*:*:*:*:*:*",
              "matchCriteriaId": "DA41810F-739D-4134-85B2-4C6FD30EEFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc39:*:*:*:*:*:*",
              "matchCriteriaId": "04CF572B-5E1F-4F25-8914-37EC89EB8B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DAD8E2AF-951F-48EF-90CF-24A5FEB32D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc40:*:*:*:*:*:*",
              "matchCriteriaId": "85665B14-3D55-4156-9D36-BBEAB8A092A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc41:*:*:*:*:*:*",
              "matchCriteriaId": "4D8677D7-5B12-43D7-9227-5D2631EA3A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc42:*:*:*:*:*:*",
              "matchCriteriaId": "CBAEBC81-BA6F-4EE1-B1C8-4BF7078DA100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc43:*:*:*:*:*:*",
              "matchCriteriaId": "7488DBEF-3F63-4E82-AB77-AF3CB6B14430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc44:*:*:*:*:*:*",
              "matchCriteriaId": "5165C27C-CDE8-43A1-80E6-147D37183299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc45:*:*:*:*:*:*",
              "matchCriteriaId": "E5B5898D-FC53-4D07-A5DC-082BA4D8C987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc46:*:*:*:*:*:*",
              "matchCriteriaId": "7E0E801F-EC32-4C08-A627-79D731BC2825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc47:*:*:*:*:*:*",
              "matchCriteriaId": "DE607124-F29B-436D-976E-DFBEA5EDBF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc48:*:*:*:*:*:*",
              "matchCriteriaId": "52E3E8EC-631A-457E-BC07-ED15E915D24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc49:*:*:*:*:*:*",
              "matchCriteriaId": "1FDC5AAF-EDDF-4526-AEE9-69EC661BFB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "53019FA4-DA26-4CFF-A0C4-E57707435E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc50:*:*:*:*:*:*",
              "matchCriteriaId": "981CE199-DC89-4CB7-8FB1-1E552F396DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc51:*:*:*:*:*:*",
              "matchCriteriaId": "A62D4B24-C873-4138-A4E9-6B8EBCA3E981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc52:*:*:*:*:*:*",
              "matchCriteriaId": "A515AD50-3ECF-4587-8AD5-5D0E2A768A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc53:*:*:*:*:*:*",
              "matchCriteriaId": "9C8501C3-2191-42E8-9620-741F74CE2F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc54:*:*:*:*:*:*",
              "matchCriteriaId": "1E3213CC-91B6-4E7E-9629-A4C565531B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc55:*:*:*:*:*:*",
              "matchCriteriaId": "B1219C97-9DAA-4791-9D18-64D095938434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc56:*:*:*:*:*:*",
              "matchCriteriaId": "DFC78640-A1BA-4DB0-B9AF-E34DD95171DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc57:*:*:*:*:*:*",
              "matchCriteriaId": "2CA01771-E27C-4CB0-8E0B-1CB71A59F6AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc58:*:*:*:*:*:*",
              "matchCriteriaId": "506FE0BF-D988-44A4-A272-3544024A2E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc59:*:*:*:*:*:*",
              "matchCriteriaId": "7DA43EE9-7412-48CA-B1E7-619AA116D427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "3641DB8D-BE6E-4BF5-8EBC-52C50F0A850A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc60:*:*:*:*:*:*",
              "matchCriteriaId": "38360D89-4A8C-4909-BB77-AACA5D8BF048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc61:*:*:*:*:*:*",
              "matchCriteriaId": "0824EEC4-AFDE-4E8E-B27C-34AA042539C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc62:*:*:*:*:*:*",
              "matchCriteriaId": "F9C2CE70-41EF-47C5-9715-E42D9A4CA345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc63:*:*:*:*:*:*",
              "matchCriteriaId": "C7F3C217-E79A-4BE2-AC4B-3E280CF1162B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc64:*:*:*:*:*:*",
              "matchCriteriaId": "FEAF4A6A-DF67-4C38-B968-8391BA3B027C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc65:*:*:*:*:*:*",
              "matchCriteriaId": "45282628-8F29-4BD0-B4FF-3ECD04DC4584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc66:*:*:*:*:*:*",
              "matchCriteriaId": "BAC07857-306F-4DF7-B586-330A51F86E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc67:*:*:*:*:*:*",
              "matchCriteriaId": "D580D844-A230-4D05-AA9B-1B8F785771CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc68:*:*:*:*:*:*",
              "matchCriteriaId": "AD33F536-BCD9-4205-ABB6-1748F1C04C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc69:*:*:*:*:*:*",
              "matchCriteriaId": "1EC607B1-7205-4C97-B18C-F792F919EB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "DECC37DB-7DBC-490E-BB4D-F358B8BE04F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc70:*:*:*:*:*:*",
              "matchCriteriaId": "76050C92-5441-48AD-A662-AF90CD51A093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc71:*:*:*:*:*:*",
              "matchCriteriaId": "C60BB748-6DB3-40D6-A2FD-725D38B4D717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc72:*:*:*:*:*:*",
              "matchCriteriaId": "10B17B25-3D29-4066-B315-BA5F5D08216F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc73:*:*:*:*:*:*",
              "matchCriteriaId": "C919D78E-8231-4452-BE4B-56F1D7A53745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc74:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DEC50-215A-478D-8A56-CC6896C32E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc75:*:*:*:*:*:*",
              "matchCriteriaId": "075076A9-5171-4F1F-B96E-2E1D4C6D7FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc76:*:*:*:*:*:*",
              "matchCriteriaId": "83BE0072-2296-46A0-86E2-1BB560F23172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc77:*:*:*:*:*:*",
              "matchCriteriaId": "3C4FEF13-459C-48FD-919D-921AA1DA1EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc78:*:*:*:*:*:*",
              "matchCriteriaId": "B5FD43BA-F42B-4B0A-9D0D-3284C5037766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc79:*:*:*:*:*:*",
              "matchCriteriaId": "B95BF825-ACD4-44DC-AAAD-1564C1EAF827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "CEE20367-CF2E-4954-ADE0-D56D2B6A0C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc80:*:*:*:*:*:*",
              "matchCriteriaId": "BA315D47-294C-434F-88E5-A099859C2AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc81:*:*:*:*:*:*",
              "matchCriteriaId": "17B7A29B-75D7-476D-A999-CDDF47DF363C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc82:*:*:*:*:*:*",
              "matchCriteriaId": "CC7498A4-7965-4895-AC92-AFBEDD68A81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc83:*:*:*:*:*:*",
              "matchCriteriaId": "1557399D-2549-42F3-8C0D-B35E25C38DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc84:*:*:*:*:*:*",
              "matchCriteriaId": "E322CBF0-61C0-419A-8513-FE25F511D259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc85:*:*:*:*:*:*",
              "matchCriteriaId": "936AD22D-438D-4500-B677-AFFD19CA0D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc86:*:*:*:*:*:*",
              "matchCriteriaId": "F1AF8FA3-E95F-499A-85C9-D053D5F9F755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc87:*:*:*:*:*:*",
              "matchCriteriaId": "BB3A9596-37F2-447A-8F93-B1E1F5E64D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc88:*:*:*:*:*:*",
              "matchCriteriaId": "104A83DA-82FB-4D6A-A544-ACECCD7EA866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc89:*:*:*:*:*:*",
              "matchCriteriaId": "DD39FDCA-986D-4DB4-8B39-59AACA80E248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "15693730-BABE-4703-8E15-1F42DE819913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc90:*:*:*:*:*:*",
              "matchCriteriaId": "D568E567-C1A1-4BB7-9FB2-9A7044F7360E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc91:*:*:*:*:*:*",
              "matchCriteriaId": "9E266EE8-578C-4991-8E53-1A5BEC8A004D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc92:*:*:*:*:*:*",
              "matchCriteriaId": "D75D7964-98EC-4A71-926B-B6500F852CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc93:*:*:*:*:*:*",
              "matchCriteriaId": "85B0990A-6EC6-44F5-AF3E-CB8C85B8F1AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc94:*:*:*:*:*:*",
              "matchCriteriaId": "4E1EC031-B15E-47A7-97BD-E86D38853F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc95:*:*:*:*:*:*",
              "matchCriteriaId": "614774B4-8A98-41F9-BB9B-603668FDCF36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc96:*:*:*:*:*:*",
              "matchCriteriaId": "1442884B-3A8E-4210-9BB2-F34FB37C2C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc97:*:*:*:*:*:*",
              "matchCriteriaId": "33003367-36D9-4709-B182-9B93615C6F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc98:*:*:*:*:*:*",
              "matchCriteriaId": "1B1C3267-3FBB-4D91-8320-89B07BC7291F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc99:*:*:*:*:*:*",
              "matchCriteriaId": "DCB32D41-1563-40D6-8A59-3E590E10F9B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans."
    },
    {
      "lang": "es",
      "value": "En directus versiones v9.0.0-beta.2 hasta 9.6.0, son vulnerables a un ataque de tipo server-side request forgery (SSRF) en la funcionalidad media upload que permite a un usuario poco privilegiado realizar escaneos de puertos de red internos"
    }
  ],
  "id": "CVE-2022-23080",
  "lastModified": "2024-11-21T06:47:56.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-22T16:15:07.930",
  "references": [
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"
    },
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080"
    }
  ],
  "sourceIdentifier": "vulnerabilitylab@mend.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "vulnerabilitylab@mend.io",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-10 16:15

Modified

2024-11-21 06:46

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL.

References

URL	Tags
vulnerabilitylab@mend.io	https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	Patch, Third Party Advisory
vulnerabilitylab@mend.io	https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
rangerstudio	directus	*
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0
rangerstudio	directus	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5B65F4-5470-449C-A32F-EB2D8E367E39",
              "versionEndIncluding": "9.4.1",
              "versionStartIncluding": "9.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "93B8E89D-339F-46C7-B425-94EB4F67E85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha10:*:*:*:*:*:*",
              "matchCriteriaId": "55EB6511-9A3C-4047-9777-D1B81C7A2817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha11:*:*:*:*:*:*",
              "matchCriteriaId": "991728C9-FFE0-4B8C-ADA3-4D0FEDBB27FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha12:*:*:*:*:*:*",
              "matchCriteriaId": "CEB212D4-D004-485C-9440-A4C2CD3DE761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha13:*:*:*:*:*:*",
              "matchCriteriaId": "4EDCF08A-E376-483D-BB4D-FAC2BE15D0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha14:*:*:*:*:*:*",
              "matchCriteriaId": "B09C31B4-C30D-4DE2-A946-83D17333C4FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha15:*:*:*:*:*:*",
              "matchCriteriaId": "6ABBA454-0423-4C8D-A3D7-BF40DFE46C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha16:*:*:*:*:*:*",
              "matchCriteriaId": "5D18FA6B-3DB7-4CC1-B65A-2936F5CBC786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha17:*:*:*:*:*:*",
              "matchCriteriaId": "412A6CDE-1EEF-4023-A893-63B132D258D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha18:*:*:*:*:*:*",
              "matchCriteriaId": "EBD0C110-69C2-4A34-B01B-970DEFFA6F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha19:*:*:*:*:*:*",
              "matchCriteriaId": "31689A2D-DB6D-4B60-BE83-733505F5073D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha20:*:*:*:*:*:*",
              "matchCriteriaId": "C9CA67D0-2B89-4E3E-8246-824FF2E799B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha21:*:*:*:*:*:*",
              "matchCriteriaId": "AFA2267B-682B-49E3-993F-486662E69E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha22:*:*:*:*:*:*",
              "matchCriteriaId": "EEB3F886-A296-4654-A65B-2A051F18B59C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha23:*:*:*:*:*:*",
              "matchCriteriaId": "255393C9-B87B-4FD6-A0DC-0EB7DC0A17C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha24:*:*:*:*:*:*",
              "matchCriteriaId": "A4C8AA33-28B7-4D31-8C3E-95B4E08B63A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha25:*:*:*:*:*:*",
              "matchCriteriaId": "BDCF6BE6-3040-49AB-8110-D8A21EC3C9FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha26:*:*:*:*:*:*",
              "matchCriteriaId": "661030BB-57C6-4E10-8B9D-FB88E3CBCF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha27:*:*:*:*:*:*",
              "matchCriteriaId": "3293A560-0E41-4666-88D5-F21E4BE83A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha31:*:*:*:*:*:*",
              "matchCriteriaId": "6DBE590D-7D3B-4A4D-BD37-338C1B0E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha32:*:*:*:*:*:*",
              "matchCriteriaId": "D23295C8-B952-4FC5-8638-3C552012CAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha33:*:*:*:*:*:*",
              "matchCriteriaId": "C14C81A9-0B3A-4012-B67B-2DC3D6C61E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha34:*:*:*:*:*:*",
              "matchCriteriaId": "D53177AD-EE8C-46B1-B424-713609CFD89A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha35:*:*:*:*:*:*",
              "matchCriteriaId": "EEC87C06-6166-4A8C-B42E-E1AB1C772856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha36:*:*:*:*:*:*",
              "matchCriteriaId": "36E6D59B-F31C-4A39-913C-0BA2F312D60E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha37:*:*:*:*:*:*",
              "matchCriteriaId": "3B5DFB5B-6B4D-4E5F-B008-7E7D665F3B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha38:*:*:*:*:*:*",
              "matchCriteriaId": "9990CD23-1DC5-4376-8BE1-147BBEBF6B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha39:*:*:*:*:*:*",
              "matchCriteriaId": "22A50CB3-C3C5-48DB-925A-58543DB749A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "83673538-623A-41AF-B6C4-E409FDF04AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha40:*:*:*:*:*:*",
              "matchCriteriaId": "4BF56F69-DFE1-4D2B-B9E2-42DFD0B40A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha41:*:*:*:*:*:*",
              "matchCriteriaId": "9C10C163-C0B3-4BCA-BCEE-DBDBA2C714D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha42:*:*:*:*:*:*",
              "matchCriteriaId": "5133759B-6F2A-422B-BCA9-D5665C3F8388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "210E0FC0-D30C-4931-B913-53B4E14A164A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "AA462266-3F3F-4400-A5E1-3A426978EB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7C20A-89BE-4CFB-B89F-3FD0708C973B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha8:*:*:*:*:*:*",
              "matchCriteriaId": "E589B388-842A-4145-972F-764C78662BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha9:*:*:*:*:*:*",
              "matchCriteriaId": "5C3F13DB-B66C-41C9-BB51-6EF7ACD6E6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta0:*:*:*:*:*:*",
              "matchCriteriaId": "7BD6203E-2AA9-4558-82D6-001C8237230A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A34C9EE7-3FD3-4795-A20B-42A65880BF12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "E7E685D8-87F3-4644-82F7-5011906D664C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "371A1F14-0E57-4D03-8CCF-1E04CF579363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "3EBB9F0B-469B-46D4-8DF5-3CB0D26C35AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta13:*:*:*:*:*:*",
              "matchCriteriaId": "7C687D37-2FAA-4F39-BADA-AD4A8B02C11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta14:*:*:*:*:*:*",
              "matchCriteriaId": "9906A21C-6823-4D7C-A6B9-276DC4929ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D17628E7-A69E-4395-A790-1C43F59FB79E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "D0801D3E-87B1-4842-A891-23F73146326A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "A019A0FA-C01D-488B-9C27-38EAD43C4576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "57CFB169-BB99-480A-8DB8-5932E72195EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "E7488FF7-E4F9-4126-A3E0-1560C076A486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "3F3A5903-A198-4E1C-B32C-41F9F5F8FE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "2518A8FD-B71B-48EE-BB4F-4B129D5F57FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "51CD9570-2DEA-4572-9222-FCA4049A229D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8DB07786-FA7B-4941-9105-26B9DC2D82F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "45B70DCE-B860-4E6C-BC1F-A89BD79FD9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc100:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA556-4524-45EA-80E2-2D4996CC58EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc101:*:*:*:*:*:*",
              "matchCriteriaId": "42798D07-F87B-4DC5-85DC-97C19EE5F927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc11:*:*:*:*:*:*",
              "matchCriteriaId": "45553C55-AEE8-42E2-9A81-C850FD05C3AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc12:*:*:*:*:*:*",
              "matchCriteriaId": "EE381727-3D96-43CD-B07B-E653D4B46677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc13:*:*:*:*:*:*",
              "matchCriteriaId": "95CF72D0-C742-45DD-AFBB-1619EFBFE7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc14:*:*:*:*:*:*",
              "matchCriteriaId": "B14236FE-AC54-4B9E-B8A4-D23146B073AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc15:*:*:*:*:*:*",
              "matchCriteriaId": "BF790178-8A0C-4AEB-9495-E176018F2245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc17:*:*:*:*:*:*",
              "matchCriteriaId": "403E4722-9794-4EDF-8D46-41CB7B24787E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc18:*:*:*:*:*:*",
              "matchCriteriaId": "F9C899B5-C6BB-4664-B670-D5EAE2732B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc19:*:*:*:*:*:*",
              "matchCriteriaId": "8A41F3AE-7969-40EF-845E-FD06DC014B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BB9329F2-4A79-44AA-9F76-C9C2467C3519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc20:*:*:*:*:*:*",
              "matchCriteriaId": "D763F244-F5B7-4090-9B55-4DE94DFC5729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc21:*:*:*:*:*:*",
              "matchCriteriaId": "495DC6E5-C67E-4F5D-8B83-743DC0A75730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc22:*:*:*:*:*:*",
              "matchCriteriaId": "2EEAFB71-E5AB-4153-BFC0-EBF32D7F9EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc23:*:*:*:*:*:*",
              "matchCriteriaId": "DA1A5E4E-D311-4A57-B86B-AF766235A475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc24:*:*:*:*:*:*",
              "matchCriteriaId": "ACDF5EC1-3FDB-4CBF-937F-654F9AF95945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc25:*:*:*:*:*:*",
              "matchCriteriaId": "35606AF8-C3F0-4FEA-B54D-CB966824308C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc26:*:*:*:*:*:*",
              "matchCriteriaId": "F91D03A0-7DB7-4257-9415-C0D87BA2AAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc27:*:*:*:*:*:*",
              "matchCriteriaId": "8D05BF28-4806-4D82-843C-FA1B8CED74D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc28:*:*:*:*:*:*",
              "matchCriteriaId": "8FF35B3D-2CFA-4810-9E15-470EA887D9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc29:*:*:*:*:*:*",
              "matchCriteriaId": "0F283221-95BD-4A8E-8865-8AE1399F5876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "55EEE789-67DB-47D9-892B-1340963E7927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc30:*:*:*:*:*:*",
              "matchCriteriaId": "89FFD654-9CA8-4CA3-981A-F0F76EB0F521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc31:*:*:*:*:*:*",
              "matchCriteriaId": "A0350F49-CC16-4426-ADCD-7CD4254B6FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc32:*:*:*:*:*:*",
              "matchCriteriaId": "CBED485C-5A6F-430A-82CD-8E4920B93FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc33:*:*:*:*:*:*",
              "matchCriteriaId": "F48FE4FF-8245-4844-99F1-A4F813622A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc34:*:*:*:*:*:*",
              "matchCriteriaId": "ADCBE2AF-442F-47C7-98AA-D9AFDF2DB67F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc35:*:*:*:*:*:*",
              "matchCriteriaId": "481219B2-3B23-4587-8674-D79ADB187EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc36:*:*:*:*:*:*",
              "matchCriteriaId": "254199A7-0054-4CAF-A2A9-E8775B1BC023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc37:*:*:*:*:*:*",
              "matchCriteriaId": "8125A4F8-2574-49FE-990A-D285E9040D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc38:*:*:*:*:*:*",
              "matchCriteriaId": "DA41810F-739D-4134-85B2-4C6FD30EEFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc39:*:*:*:*:*:*",
              "matchCriteriaId": "04CF572B-5E1F-4F25-8914-37EC89EB8B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DAD8E2AF-951F-48EF-90CF-24A5FEB32D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc40:*:*:*:*:*:*",
              "matchCriteriaId": "85665B14-3D55-4156-9D36-BBEAB8A092A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc41:*:*:*:*:*:*",
              "matchCriteriaId": "4D8677D7-5B12-43D7-9227-5D2631EA3A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc42:*:*:*:*:*:*",
              "matchCriteriaId": "CBAEBC81-BA6F-4EE1-B1C8-4BF7078DA100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc43:*:*:*:*:*:*",
              "matchCriteriaId": "7488DBEF-3F63-4E82-AB77-AF3CB6B14430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc44:*:*:*:*:*:*",
              "matchCriteriaId": "5165C27C-CDE8-43A1-80E6-147D37183299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc45:*:*:*:*:*:*",
              "matchCriteriaId": "E5B5898D-FC53-4D07-A5DC-082BA4D8C987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc46:*:*:*:*:*:*",
              "matchCriteriaId": "7E0E801F-EC32-4C08-A627-79D731BC2825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc47:*:*:*:*:*:*",
              "matchCriteriaId": "DE607124-F29B-436D-976E-DFBEA5EDBF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc48:*:*:*:*:*:*",
              "matchCriteriaId": "52E3E8EC-631A-457E-BC07-ED15E915D24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc49:*:*:*:*:*:*",
              "matchCriteriaId": "1FDC5AAF-EDDF-4526-AEE9-69EC661BFB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "53019FA4-DA26-4CFF-A0C4-E57707435E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc50:*:*:*:*:*:*",
              "matchCriteriaId": "981CE199-DC89-4CB7-8FB1-1E552F396DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc51:*:*:*:*:*:*",
              "matchCriteriaId": "A62D4B24-C873-4138-A4E9-6B8EBCA3E981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc52:*:*:*:*:*:*",
              "matchCriteriaId": "A515AD50-3ECF-4587-8AD5-5D0E2A768A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc53:*:*:*:*:*:*",
              "matchCriteriaId": "9C8501C3-2191-42E8-9620-741F74CE2F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc54:*:*:*:*:*:*",
              "matchCriteriaId": "1E3213CC-91B6-4E7E-9629-A4C565531B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc55:*:*:*:*:*:*",
              "matchCriteriaId": "B1219C97-9DAA-4791-9D18-64D095938434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc56:*:*:*:*:*:*",
              "matchCriteriaId": "DFC78640-A1BA-4DB0-B9AF-E34DD95171DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc57:*:*:*:*:*:*",
              "matchCriteriaId": "2CA01771-E27C-4CB0-8E0B-1CB71A59F6AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc58:*:*:*:*:*:*",
              "matchCriteriaId": "506FE0BF-D988-44A4-A272-3544024A2E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc59:*:*:*:*:*:*",
              "matchCriteriaId": "7DA43EE9-7412-48CA-B1E7-619AA116D427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "3641DB8D-BE6E-4BF5-8EBC-52C50F0A850A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc60:*:*:*:*:*:*",
              "matchCriteriaId": "38360D89-4A8C-4909-BB77-AACA5D8BF048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc61:*:*:*:*:*:*",
              "matchCriteriaId": "0824EEC4-AFDE-4E8E-B27C-34AA042539C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc62:*:*:*:*:*:*",
              "matchCriteriaId": "F9C2CE70-41EF-47C5-9715-E42D9A4CA345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc63:*:*:*:*:*:*",
              "matchCriteriaId": "C7F3C217-E79A-4BE2-AC4B-3E280CF1162B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc64:*:*:*:*:*:*",
              "matchCriteriaId": "FEAF4A6A-DF67-4C38-B968-8391BA3B027C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc65:*:*:*:*:*:*",
              "matchCriteriaId": "45282628-8F29-4BD0-B4FF-3ECD04DC4584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc66:*:*:*:*:*:*",
              "matchCriteriaId": "BAC07857-306F-4DF7-B586-330A51F86E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc67:*:*:*:*:*:*",
              "matchCriteriaId": "D580D844-A230-4D05-AA9B-1B8F785771CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc68:*:*:*:*:*:*",
              "matchCriteriaId": "AD33F536-BCD9-4205-ABB6-1748F1C04C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc69:*:*:*:*:*:*",
              "matchCriteriaId": "1EC607B1-7205-4C97-B18C-F792F919EB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "DECC37DB-7DBC-490E-BB4D-F358B8BE04F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc70:*:*:*:*:*:*",
              "matchCriteriaId": "76050C92-5441-48AD-A662-AF90CD51A093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc71:*:*:*:*:*:*",
              "matchCriteriaId": "C60BB748-6DB3-40D6-A2FD-725D38B4D717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc72:*:*:*:*:*:*",
              "matchCriteriaId": "10B17B25-3D29-4066-B315-BA5F5D08216F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc73:*:*:*:*:*:*",
              "matchCriteriaId": "C919D78E-8231-4452-BE4B-56F1D7A53745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc74:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DEC50-215A-478D-8A56-CC6896C32E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc75:*:*:*:*:*:*",
              "matchCriteriaId": "075076A9-5171-4F1F-B96E-2E1D4C6D7FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc76:*:*:*:*:*:*",
              "matchCriteriaId": "83BE0072-2296-46A0-86E2-1BB560F23172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc77:*:*:*:*:*:*",
              "matchCriteriaId": "3C4FEF13-459C-48FD-919D-921AA1DA1EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc78:*:*:*:*:*:*",
              "matchCriteriaId": "B5FD43BA-F42B-4B0A-9D0D-3284C5037766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc79:*:*:*:*:*:*",
              "matchCriteriaId": "B95BF825-ACD4-44DC-AAAD-1564C1EAF827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "CEE20367-CF2E-4954-ADE0-D56D2B6A0C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc80:*:*:*:*:*:*",
              "matchCriteriaId": "BA315D47-294C-434F-88E5-A099859C2AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc81:*:*:*:*:*:*",
              "matchCriteriaId": "17B7A29B-75D7-476D-A999-CDDF47DF363C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc82:*:*:*:*:*:*",
              "matchCriteriaId": "CC7498A4-7965-4895-AC92-AFBEDD68A81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc83:*:*:*:*:*:*",
              "matchCriteriaId": "1557399D-2549-42F3-8C0D-B35E25C38DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc84:*:*:*:*:*:*",
              "matchCriteriaId": "E322CBF0-61C0-419A-8513-FE25F511D259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc85:*:*:*:*:*:*",
              "matchCriteriaId": "936AD22D-438D-4500-B677-AFFD19CA0D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc86:*:*:*:*:*:*",
              "matchCriteriaId": "F1AF8FA3-E95F-499A-85C9-D053D5F9F755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc87:*:*:*:*:*:*",
              "matchCriteriaId": "BB3A9596-37F2-447A-8F93-B1E1F5E64D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc88:*:*:*:*:*:*",
              "matchCriteriaId": "104A83DA-82FB-4D6A-A544-ACECCD7EA866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc89:*:*:*:*:*:*",
              "matchCriteriaId": "DD39FDCA-986D-4DB4-8B39-59AACA80E248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "15693730-BABE-4703-8E15-1F42DE819913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc90:*:*:*:*:*:*",
              "matchCriteriaId": "D568E567-C1A1-4BB7-9FB2-9A7044F7360E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc91:*:*:*:*:*:*",
              "matchCriteriaId": "9E266EE8-578C-4991-8E53-1A5BEC8A004D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc92:*:*:*:*:*:*",
              "matchCriteriaId": "D75D7964-98EC-4A71-926B-B6500F852CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc93:*:*:*:*:*:*",
              "matchCriteriaId": "85B0990A-6EC6-44F5-AF3E-CB8C85B8F1AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc94:*:*:*:*:*:*",
              "matchCriteriaId": "4E1EC031-B15E-47A7-97BD-E86D38853F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc95:*:*:*:*:*:*",
              "matchCriteriaId": "614774B4-8A98-41F9-BB9B-603668FDCF36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc96:*:*:*:*:*:*",
              "matchCriteriaId": "1442884B-3A8E-4210-9BB2-F34FB37C2C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc97:*:*:*:*:*:*",
              "matchCriteriaId": "33003367-36D9-4709-B182-9B93615C6F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc98:*:*:*:*:*:*",
              "matchCriteriaId": "1B1C3267-3FBB-4D91-8320-89B07BC7291F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc99:*:*:*:*:*:*",
              "matchCriteriaId": "DCB32D41-1563-40D6-8A59-3E590E10F9B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim\u2019s browser when they open the image URL."
    },
    {
      "lang": "es",
      "value": "En Directus, versiones 9.0.0-alpha.4 hasta 9.4.1 son susceptibles a una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenada por medio de una carga de archivos SVG en la funcionalidad media upload. Un atacante con pocos privilegios puede inyectar c\u00f3digo javascript arbitrario que ser\u00e1 ejecutado en el navegador de la v\u00edctima cuando abra la URL de la imagen"
    }
  ],
  "id": "CVE-2022-22116",
  "lastModified": "2024-11-21T06:46:12.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "vulnerabilitylab@mend.io",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-10T16:15:10.057",
  "references": [
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
    },
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116"
    }
  ],
  "sourceIdentifier": "vulnerabilitylab@mend.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "vulnerabilitylab@mend.io",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-23 19:15

Modified

2024-11-21 05:58

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	cve@mitre.org	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1339B0-4DEA-4F71-91CA-7C53B889867B",
              "versionEndIncluding": "8.8.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
    },
    {
      "lang": "es",
      "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** En Directus versiones 8.x hasta 8.8.1, un atacante puede detectar si un usuario est\u00e1 presente en la base de datos mediante la funcionalidad password reset.\u0026#xa0;NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"
    }
  ],
  "id": "CVE-2021-27583",
  "lastModified": "2024-11-21T05:58:14.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-23T19:15:14.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-23 19:15

Modified

2024-11-21 05:56

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	cve@mitre.org	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/sgranel/directusv8	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	rangerstudio	directus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1339B0-4DEA-4F71-91CA-7C53B889867B",
              "versionEndIncluding": "8.8.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
    },
    {
      "lang": "es",
      "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** En Directus versiones 8.xa hasta 8.8.1, un atacante puede cambiar hacia el rol de administrador (por medio del m\u00e9todo PATCH) sin ning\u00fan control por parte del back-end.\u0026#xa0;NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"
    }
  ],
  "id": "CVE-2021-26594",
  "lastModified": "2024-11-21T05:56:32.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-23T19:15:13.777",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sgranel/directusv8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-26594

Vulnerability from cvelistv5

Published

2021-02-23 18:59

Modified

2024-08-03 20:26

Severity ?

Summary

In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	https://github.com/sgranel/directusv8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sgranel/directusv8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-23T18:59:27",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sgranel/directusv8"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-26594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sgranel/directusv8",
              "refsource": "MISC",
              "url": "https://github.com/sgranel/directusv8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-26594",
    "datePublished": "2021-02-23T18:59:27",
    "dateReserved": "2021-02-02T00:00:00",
    "dateUpdated": "2024-08-03T20:26:25.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26595

Vulnerability from cvelistv5

Published

2021-02-23 19:00

Modified

2024-11-19 15:33

Severity ?

Summary

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	https://github.com/sgranel/directusv8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.482Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sgranel/directusv8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26595",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:33:18.988701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T15:33:36.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-23T19:00:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sgranel/directusv8"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-26595",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sgranel/directusv8",
              "refsource": "MISC",
              "url": "https://github.com/sgranel/directusv8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-26595",
    "datePublished": "2021-02-23T19:00:17",
    "dateReserved": "2021-02-02T00:00:00",
    "dateUpdated": "2024-11-19T15:33:36.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26593

Vulnerability from cvelistv5

Published

2021-02-23 18:57

Modified

2024-08-03 20:26

Severity ?

Summary

In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	https://github.com/sgranel/directusv8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sgranel/directusv8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-23T18:57:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sgranel/directusv8"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-26593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sgranel/directusv8",
              "refsource": "MISC",
              "url": "https://github.com/sgranel/directusv8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-26593",
    "datePublished": "2021-02-23T18:57:26",
    "dateReserved": "2021-02-02T00:00:00",
    "dateUpdated": "2024-08-03T20:26:25.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24814

Vulnerability from cvelistv5

Published

2022-04-04 17:50

Modified

2024-08-03 04:20

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ "media_live_embeds": false }` to the _Options Overrides_ option of the Rich Text HTML interface.

References

▼	URL	Tags
	https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84	x_refsource_CONFIRM
	https://github.com/directus/directus/pull/12020	x_refsource_MISC
	https://github.com/directus/directus/releases/tag/v9.7.0	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	directus	directus	Version: < 9.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/pull/12020"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/releases/tag/v9.7.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "directus",
          "vendor": "directus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ \"media_live_embeds\": false }` to the _Options Overrides_ option of the Rich Text HTML interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-04T17:50:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/pull/12020"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/releases/tag/v9.7.0"
        }
      ],
      "source": {
        "advisory": "GHSA-xmjj-3c76-5w84",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site Scripting in Directus",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24814",
          "STATE": "PUBLIC",
          "TITLE": "Cross-site Scripting in Directus"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "directus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 9.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "directus"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ \"media_live_embeds\": false }` to the _Options Overrides_ option of the Rich Text HTML interface."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84",
              "refsource": "CONFIRM",
              "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84"
            },
            {
              "name": "https://github.com/directus/directus/pull/12020",
              "refsource": "MISC",
              "url": "https://github.com/directus/directus/pull/12020"
            },
            {
              "name": "https://github.com/directus/directus/releases/tag/v9.7.0",
              "refsource": "MISC",
              "url": "https://github.com/directus/directus/releases/tag/v9.7.0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-xmjj-3c76-5w84",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24814",
    "datePublished": "2022-04-04T17:50:11",
    "dateReserved": "2022-02-10T00:00:00",
    "dateUpdated": "2024-08-03T04:20:50.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22116

Vulnerability from cvelistv5

Published

2022-01-10 15:26

Modified

2024-09-17 03:13

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL.

References

▼	URL	Tags
	https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	x_refsource_MISC
	https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	directus	directus	Version: 9.0.0 < unspecified Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:00:55.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "directus",
          "vendor": "directus",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "WhiteSource Vulnerability Research Team (WVR)"
        }
      ],
      "datePublic": "2022-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim\u2019s browser when they open the image URL."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-10T15:26:44",
        "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "shortName": "Mend"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to directus version 9.4.2"
        }
      ],
      "source": {
        "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
        "discovery": "UNKNOWN"
      },
      "title": "Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
          "DATE_PUBLIC": "2022-01-04T22:00:00.000Z",
          "ID": "CVE-2022-22116",
          "STATE": "PUBLIC",
          "TITLE": "Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "directus",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "directus"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "WhiteSource Vulnerability Research Team (WVR)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim\u2019s browser when they open the image URL."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10",
              "refsource": "MISC",
              "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
            },
            {
              "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116",
              "refsource": "MISC",
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to directus version 9.4.2"
          }
        ],
        "source": {
          "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
    "assignerShortName": "Mend",
    "cveId": "CVE-2022-22116",
    "datePublished": "2022-01-10T15:26:44.139518Z",
    "dateReserved": "2021-12-21T00:00:00",
    "dateUpdated": "2024-09-17T03:13:41.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-10723

Vulnerability from cvelistv5

Published

2018-05-05 22:00

Modified

2024-08-05 07:46

Severity ?

Summary

Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.

References

▼	URL	Tags
	https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-05T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10723",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76",
              "refsource": "MISC",
              "url": "https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10723",
    "datePublished": "2018-05-05T22:00:00",
    "dateReserved": "2018-05-04T00:00:00",
    "dateUpdated": "2024-08-05T07:46:46.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27474

Vulnerability from cvelistv5

Published

2023-03-06 16:43

Modified

2025-02-25 15:01

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Summary

Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround.

References

▼	URL	Tags
	https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6	x_refsource_CONFIRM
	https://github.com/directus/directus/issues/17119	x_refsource_MISC
	https://github.com/directus/directus/pull/17120	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	directus	directus	Version: < 9.23.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6"
          },
          {
            "name": "https://github.com/directus/directus/issues/17119",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/issues/17119"
          },
          {
            "name": "https://github.com/directus/directus/pull/17120",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/pull/17120"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27474",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:29:56.859843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T15:01:29.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "directus",
          "vendor": "directus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.23.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-06T16:43:54.836Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6"
        },
        {
          "name": "https://github.com/directus/directus/issues/17119",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/issues/17119"
        },
        {
          "name": "https://github.com/directus/directus/pull/17120",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/pull/17120"
        }
      ],
      "source": {
        "advisory": "GHSA-4hmq-ggrm-qfc6",
        "discovery": "UNKNOWN"
      },
      "title": "HTML Injection in Password Reset email to custom Reset URL in directus"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-27474",
    "datePublished": "2023-03-06T16:43:54.836Z",
    "dateReserved": "2023-03-01T19:03:56.631Z",
    "dateUpdated": "2025-02-25T15:01:29.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23080

Vulnerability from cvelistv5

Published

2022-06-22 15:40

Modified

2024-09-17 02:22

Severity ?

Summary

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

References

▼	URL	Tags
	https://www.mend.io/vulnerability-database/CVE-2022-23080	x_refsource_MISC
	https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	directus	directus	Version: v9.0.0-beta.10 < unspecified Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:43.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "directus",
          "vendor": "directus",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "v9.0.0-beta.10",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "v9.6.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mend Vulnerability Research Team (MVR)"
        }
      ],
      "datePublic": "2022-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
              "version": 3.1
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-22T15:40:10",
        "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "shortName": "Mend"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update version to v9.7.0 or later"
        }
      ],
      "source": {
        "advisory": "https://www.mend.io/vulnerability-database/",
        "discovery": "UNKNOWN"
      },
      "title": "directus  - SSRF which leads to internal port scan",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
          "DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM",
          "ID": "CVE-2022-23080",
          "STATE": "PUBLIC",
          "TITLE": "directus  - SSRF which leads to internal port scan"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "directus",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "v9.0.0-beta.10"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "v9.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "directus"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mend Vulnerability Research Team (MVR)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": 3.1
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mend.io/vulnerability-database/CVE-2022-23080",
              "refsource": "MISC",
              "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080"
            },
            {
              "name": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83",
              "refsource": "MISC",
              "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update version to v9.7.0 or later"
          }
        ],
        "source": {
          "advisory": "https://www.mend.io/vulnerability-database/",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
    "assignerShortName": "Mend",
    "cveId": "CVE-2022-23080",
    "datePublished": "2022-06-22T15:40:10.515121Z",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-09-17T02:22:06.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-29641

Vulnerability from cvelistv5

Published

2021-04-07 21:31

Modified

2024-08-03 22:11

Severity ?

Summary

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).

References

▼	URL	Tags
	https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Apr/14	mailing-list, x_refsource_FULLDISC
	https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/	x_refsource_MISC
	https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/	x_refsource_MISC
	http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:06.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore"
          },
          {
            "name": "20210407 SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/14"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-07T23:06:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore"
        },
        {
          "name": "20210407 SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/14"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-29641",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore",
              "refsource": "MISC",
              "url": "https://hub.docker.com/layers/directus/directus/v8.8.2-apache/images/sha256-d9898b6442b0150c3c377b50e706757f35d2d563bd82ddaf97f3ae4ba450a6e6?context=explore"
            },
            {
              "name": "20210407 SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Apr/14"
            },
            {
              "name": "https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/",
              "refsource": "MISC",
              "url": "https://sec-consult.com/de/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/",
              "refsource": "MISC",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/arbitrary-file-upload-and-bypassing-htaccess-rules-in-monospace-directus-headless-cms/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162118/Monospace-Directus-Headless-CMS-File-Upload-Rule-Bypass.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-29641",
    "datePublished": "2021-04-07T21:31:45",
    "dateReserved": "2021-03-30T00:00:00",
    "dateUpdated": "2024-08-03T22:11:06.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22117

Vulnerability from cvelistv5

Published

2022-01-10 15:26

Modified

2024-09-16 18:44

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered.

References

▼	URL	Tags
	https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	x_refsource_MISC
	https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	directus	directus	Version: 9.0.0 < unspecified Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:00:55.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "directus",
          "vendor": "directus",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "WhiteSource Vulnerability Research Team (WVR)"
        }
      ],
      "datePublic": "2022-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-10T15:26:45",
        "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "shortName": "Mend"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to directus version 9.4.2"
        }
      ],
      "source": {
        "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
        "discovery": "UNKNOWN"
      },
      "title": "Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
          "DATE_PUBLIC": "2022-01-04T22:00:00.000Z",
          "ID": "CVE-2022-22117",
          "STATE": "PUBLIC",
          "TITLE": "Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "directus",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "directus"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "WhiteSource Vulnerability Research Team (WVR)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10",
              "refsource": "MISC",
              "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
            },
            {
              "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117",
              "refsource": "MISC",
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to directus version 9.4.2"
          }
        ],
        "source": {
          "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
    "assignerShortName": "Mend",
    "cveId": "CVE-2022-22117",
    "datePublished": "2022-01-10T15:26:45.928993Z",
    "dateReserved": "2021-12-21T00:00:00",
    "dateUpdated": "2024-09-16T18:44:02.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-27583

Vulnerability from cvelistv5

Published

2021-02-23 18:54

Modified

2024-08-03 21:26

Severity ?

Summary

In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References

▼	URL	Tags
	https://github.com/sgranel/directusv8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27583",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T18:02:28.378778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:13:16.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:26:10.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sgranel/directusv8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-23T18:54:20",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sgranel/directusv8"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-27583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sgranel/directusv8",
              "refsource": "MISC",
              "url": "https://github.com/sgranel/directusv8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-27583",
    "datePublished": "2021-02-23T18:54:20",
    "dateReserved": "2021-02-23T00:00:00",
    "dateUpdated": "2024-08-03T21:26:10.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-202201-1669

Vulnerability from variot

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL. Directus Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Directus is a real-time API and application dashboard. Used to manage Sql database content

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202201-1669",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "directus",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rangerstudio",
        "version": "9.4.1"
      },
      {
        "model": "directus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rangerstudio",
        "version": "9.0.0"
      },
      {
        "model": "directus",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rangerstudio",
        "version": "9.0.1"
      },
      {
        "model": "directus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "directus",
        "version": null
      },
      {
        "model": "directus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "directus",
        "version": "9.0.0-alpha.4  to  9.4.1"
      },
      {
        "model": "\u003e=9.0.0-alpha.4,\u003c=9.4.1",
        "scope": null,
        "trust": 0.6,
        "vendor": "directus",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "cve": "CVE-2022-22116",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2022-22116",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2022-08450",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "vulnerabilitylab@mend.io",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2022-22116",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002940",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22116",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "vulnerabilitylab@mend.io",
            "id": "CVE-2022-22116",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22116",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-08450",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-673",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22116",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim\u2019s browser when they open the image URL. Directus Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Directus is a real-time API and application dashboard. Used to manage Sql database content",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22116"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22116",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "id": "VAR-202201-1669",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:32:57.250000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Add\u00a0Content-Security-Policy\u00a0header\u00a0by\u00a0default\u00a0(#10776)",
        "trust": 0.8,
        "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
      },
      {
        "title": "Patch for Directus Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/317436"
      },
      {
        "title": "Directus Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177413"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"
      },
      {
        "trust": 1.7,
        "url": "https://www.whitesourcesoftware.com/vulnerability-database/cve-2022-22116"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22116"
      },
      {
        "trust": 0.8,
        "url": "https://www.mend.io/vulnerability-database/cve-2022-22116"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22116"
      },
      {
        "date": "2023-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      },
      {
        "date": "2022-01-10T16:15:10.057000",
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "date": "2022-01-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22116"
      },
      {
        "date": "2023-01-31T02:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002940"
      },
      {
        "date": "2022-01-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      },
      {
        "date": "2024-11-21T06:46:12.983000",
        "db": "NVD",
        "id": "CVE-2022-22116"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directus Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-08450"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-673"
      }
    ],
    "trust": 0.6
  }
}

Vulnerabilites related to rangerstudio - directus

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from variot