Lucene search
GoogleOSV:CVE-2022-36031HistoryAug 19, 2022 - 9:15 p.m.
CVE-2022-36031
2022-08-1921:15:08
Google
osv.dev
6
directus
content management
vulnerability
v9.15.0
file access
security fix
user permissions
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the filename_disk field on directus_files.
Related
nvd
nvd
CVE-2022-36031
2022-08-19 21:15:08
osv
osv
Directus vulnerable to unhandled exception on illegal filename_disk value
2022-08-30 20:18:48
cvelist
cvelist
CVE-2022-36031 Unhandled exception on illegal filename_disk value
2022-08-19 20:40:09
github
github
Directus vulnerable to unhandled exception on illegal filename_disk value
2022-08-30 20:18:48
prion
prion
Double free
2022-08-19 21:15:00
cve
cve
CVE-2022-36031
2022-08-19 21:15:08