directus is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists when importing a file from a remote web server (POST to /files/import), allowing an attacker to bypass the security controls that were implemented to patch the CVE-2022-23080 vulnerability by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan.