Rangerstudio - Directus 7 Api CVE

Filtered by vendor Rangerstudio Subscribe

Filtered by product Directus 7 Api

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-13981	1 Rangerstudio	1 Directus 7 Api	2020-08-24	5.0 MEDIUM	5.3 MEDIUM
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.

Vulnerabilities (CVE)