directus is vulnerable to server-side request forgery. The vulnerability exists in the media upload functionality because it doesn’t allows to configure specific IP addresses to be deny-listed from being imported which allows an attacker to perform network portal scans internally.