Moderate severity · NVD Advisory · Published Aug 19, 2022 · Updated Apr 22, 2025
Unhandled exception on illegal filename_disk value
CVE-2022-36031
Description
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the filename_disk field on directus_files.
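An added example (not part of the advisory and not Directus's own code) that audits exported permission rows for the workaround described above: it lists non-admin roles, including Public, whose update permission on directus_files covers filename_disk. The row shapes, function names and sample data are assumptions modelled on Directus 9's directus_permissions and directus_roles collections.

```javascript
// Assumed row shapes (modelled on Directus 9):
//   permission: { id, role, collection, action, fields }
//               fields is an array or CSV string; "*" means all fields
//   role:       { id, name, admin_access }; role === null means Public

function coversField(fields, name) {
  // Assumption: a missing fields value grants no fields.
  if (fields == null) return false;
  const list = Array.isArray(fields) ? fields : String(fields).split(",");
  return list.map((f) => f.trim()).some((f) => f === "*" || f === name);
}

function findRiskyPermissions(permissions, roles) {
  const adminRoles = new Set(
    roles.filter((r) => r.admin_access).map((r) => r.id)
  );
  const roleNames = new Map(roles.map((r) => [r.id, r.name]));
  return permissions
    .filter((p) => p.collection === "directus_files" && p.action === "update")
    .filter((p) => !adminRoles.has(p.role)) // admins are out of scope
    .filter((p) => coversField(p.fields, "filename_disk"))
    .map((p) => ({
      permissionId: p.id,
      role: p.role === null ? "Public" : (roleNames.get(p.role) ?? p.role),
    }));
}

// Constructed sample data, not taken from a real instance.
const sampleRoles = [
  { id: "r-admin", name: "Administrator", admin_access: true },
  { id: "r-editor", name: "Editor", admin_access: false },
  { id: "r-contrib", name: "Contributor", admin_access: false },
];
const samplePermissions = [
  { id: 1, role: "r-editor", collection: "directus_files", action: "update",
    fields: ["title", "description"] },
  { id: 2, role: "r-contrib", collection: "directus_files", action: "update",
    fields: ["*"] },
  { id: 3, role: "r-admin", collection: "directus_files", action: "update",
    fields: ["*"] },
  { id: 4, role: null, collection: "directus_files", action: "update",
    fields: "title, filename_disk" },
  { id: 5, role: "r-contrib", collection: "directus_files", action: "read",
    fields: ["*"] },
  { id: 6, role: "r-editor", collection: "articles", action: "update",
    fields: ["*"] },
];

console.log(findRiskyPermissions(samplePermissions, sampleRoles));
```

Any row it reports should have filename_disk removed from its allowed fields until the instance runs v9.15.0 or later.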
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| directus (npm) | < 9.15.0 | 9.15.0 |
References
- github.com/advisories/GHSA-77qm-wvqq-fg79 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-36031 (ghsa, ADVISORY)
- github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79 (ghsa, x_refsource_CONFIRM, WEB)