Vulnerabilities > CVE-2024-27296 - Unspecified vulnerability in Monospace Directus

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
monospace
NVD
Published: 2024-03-01
Updated: 2025-01-03

Summary

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer.

Vulnerable Configurations

Part Description Count
Application
Monospace
316

References