Vulnerabilities > CVE-2024-36128 - Improper Check for Unusual or Exceptional Conditions vulnerability in Monospace Directus

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
monospace
CWE-754
NVD
Published: 2024-06-03
Updated: 2025-01-03

Summary

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2.

Vulnerable Configurations

Part Description Count
Application
Monospace
331

Common Weakness Enumeration (CWE)

References