Vulnerability Description
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Monospace | Directus | >= 10.4.0, < 10.6.2 |
Related Weaknesses (CWE)
References
- https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44fPatch
- https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2mExploitVendor Advisory
- https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44fPatch
- https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2mExploitVendor Advisory
FAQ
What is CVE-2023-45820?
CVE-2023-45820 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server recei...
How severe is CVE-2023-45820?
CVE-2023-45820 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45820?
Check the references section above for vendor advisories and patch information. Affected products include: Monospace Directus.