Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directus is soft-locked by providing a string value to random string util
Vulnerability Description
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
Directus 安全漏洞
Vulnerability Description
Directus是一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 10.11.2之前版本存在安全漏洞,该漏洞源于通过向随机字符串实用程序提供非数字长度值来破坏平台范围内生成随机字符串的能力,从而导致拒绝服务的情况。
CVSS Information
N/A
Vulnerability Type
N/A