Ybelenko

**Name of the Vulnerable Software and Affected Versions** Directus versions prior to 2.2.1 **Description** The issue allows for remote code execution due to the uploading of PHP files not being blocked. This can lead to uploads/ /originals remote code execution. **Recommendations** For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the uploads/ /originals directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Directus versions prior to 2.2.2 **Description** The issue is related to insufficient anti-automation measures. Specifically, it is demonstrated by the lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php, which are API endpoints. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue.