Vulnerabilities > CVE-2023-45820 - Improper Handling of Exceptional Conditions vulnerability in Monospace Directus

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

monospace

CWE-755

NVD

Published: 2023-10-19

Updated: 2023-10-25

Summary

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.

Vulnerable Configurations

Part	Description	Count
Application	Monospace Monospace Directus 10.4.0 Monospace Directus 10.4.2 Monospace Directus 10.4.3 Monospace Directus 10.5.0 Monospace Directus 10.5.1 Monospace Directus 10.5.2 Monospace Directus 10.5.3 Monospace Directus 10.6.1	8

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References