CVE-2019-13984

2019-07-1914:17:32

mitre

www.cve.org

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

69.1%

JSON

Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.

References

github.com/directus/api/issues/981

github.com/directus/api/projects/44