Security Advisory

CVE-2019-13981

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-19 14:17:58

Last updated 2024-08-05 00:05:44

Assigner mitre

State PUBLISHED

Description

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.

← Browse all CVEs View on cve.org ↗