Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.
History
21 Nov 2024, 08:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb - Patch | |
References | () https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m - Exploit, Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 5.9 |
25 Oct 2023, 20:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:* | |
CWE | CWE-755 | |
References | (MISC) https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb - Patch | |
References | (MISC) https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m - Exploit, Vendor Advisory | |
First Time | Monospace directus; Monospace | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 6.5 |
19 Oct 2023, 19:36
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 19:15
Updated : 2024-11-21 08:27
NVD link : CVE-2023-45820
Mitre link : CVE-2023-45820
CVE.ORG link : CVE-2023-45820
Products Affected
monospace
- directus
CWE
CWE-755
Improper Handling of Exceptional Conditions