Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low-privileged user to perform internal network port scans.
CPE Name | Operator | Version |
---|---|---|
directus | lt | 9.7.0 |
directus | ge | 9.0.0-beta.2 |