Lucene search
Veracode Vulnerability DatabaseVERACODE:47375HistoryJun 05, 2024 - 11:33 a.m.
Denial Of Service (DoS)
2024-06-0511:33:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
directus
vulnerability
non-numeric length
random string generation
session ids
dos
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
9.0%
directus is vulnerable to Denial Of Service (DoS). The vulnerability is caused by providing a non-numeric length value to the random string generation utility, which prevents the generation of random session IDs, resulting in Denial Of Service (DoS).
Related
cvelist
cvelist
github
github
Directus is soft-locked by providing a string value to random string util
2024-06-04 17:53:29
osv
osv
CVE-2024-36128
2024-06-03 15:15:09
Directus is soft-locked by providing a string value to random string util
2024-06-04 17:53:29
nvd
nvd
CVE-2024-36128
2024-06-03 15:15:09
vulnrichment
vulnrichment
cve
cve
CVE-2024-36128
2024-06-03 15:15:09
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
9.0%
Related for VERACODE:47375