CVE-2023-45820

Name of the Vulnerable Software and Affected Versions Directus versions prior to 10.6.2

Description Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus.

Recommendations For versions prior to 10.6.2, upgrade to version 10.6.2 to resolve the issue. For users unable to upgrade, avoid using websockets as a temporary workaround to minimize the risk of exploitation.