EPSS Percentile: 15.5%
Directus is vulnerable to information disclosure. The vulnerability exists because pinoHTTP in logger.ts does not properly redact the directus_refresh_token, which allows an attacker to obtain sensitive information through the log files.
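
One way to keep this token out of request logs, shown as an added example that is not Directus code and not its fix. It assumes the token travels as a cookie named directus_refresh_token and that log records carry headers under req.headers.cookie and res.headers['set-cookie']; the function names and the sample record are constructed for illustration.

```javascript
// Added example (not Directus code). Assumption: the refresh token is a cookie
// named "directus_refresh_token" seen in Cookie and Set-Cookie headers.
const REDACTED = '--redacted--';

// Replace the value of cookie `name` in a "a=1; b=2" Cookie header string.
function redactCookieHeader(header, name) {
  if (typeof header !== 'string') return header;
  return header.split(';').map((pair) => {
    const eq = pair.indexOf('=');
    if (eq === -1) return pair;
    const key = pair.slice(0, eq);
    return key.trim() === name ? `${key}=${REDACTED}` : pair;
  }).join(';');
}

// Set-Cookie may be a string or an array; only the first name=value pair is
// the cookie itself, the rest are attributes (Path, HttpOnly, ...) kept as-is.
function redactSetCookie(value, name) {
  if (Array.isArray(value)) return value.map((v) => redactSetCookie(v, name));
  if (typeof value !== 'string') return value;
  const end = value.indexOf(';');
  if (end === -1) return redactCookieHeader(value, name);
  return redactCookieHeader(value.slice(0, end), name) + value.slice(end);
}

// Return a redacted copy of a log record; the caller's object is not mutated.
// The req/res shape here is an assumption about the serialized log record.
function redactLogRecord(record, name = 'directus_refresh_token') {
  const out = JSON.parse(JSON.stringify(record));
  if (out.req && out.req.headers && 'cookie' in out.req.headers) {
    out.req.headers.cookie = redactCookieHeader(out.req.headers.cookie, name);
  }
  if (out.res && out.res.headers && 'set-cookie' in out.res.headers) {
    out.res.headers['set-cookie'] = redactSetCookie(out.res.headers['set-cookie'], name);
  }
  return out;
}

// Constructed sample record; token values are placeholders, not real tokens.
const sample = {
  req: { method: 'POST', url: '/example',
    headers: { cookie: 'theme=dark; directus_refresh_token=CONSTRUCTED_OLD' } },
  res: { statusCode: 200,
    headers: { 'set-cookie': ['directus_refresh_token=CONSTRUCTED_NEW; Path=/; HttpOnly'] } },
};
console.log(JSON.stringify(redactLogRecord(sample)));
```

Other cookies and the Set-Cookie attributes pass through unchanged, so the redacted record still shows that a refresh cookie was sent or set without exposing its value.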
github.com/advisories/GHSA-8vg2-wf3q-mwv7
github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13
github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc
github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7