npm package
@directus/app
pkg:npm/%40directus/app
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24353 | — |  |  | < 13.3.1 | 13.3.1 | Jan 23, 2025 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be abl |
| CVE-2024-54128 | — |  |  | >= 11.0.0, < 13.3.1 | 13.3.1 | Dec 5, 2024 | Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the |