PT-2024-21802 · Directus · Directus

Rijkvanzanten · Published 2024-03-01 · Updated 2025-01-03 · CVE-2024-27296

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.8.3

Description: Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information, a malicious attacker can look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version.

Recommendations: For versions prior to 10.8.3, update to version 10.8.3 or newer to resolve the issue. As a temporary workaround, consider restricting access to the compiled JS bundles to minimize the risk of exploitation.
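As an added example (not code from the Directus project or from this advisory), the following self-check lets an operator confirm, from the text of a JS bundle served by their own instance, whether a version string is still exposed and whether that version falls in the affected range (prior to 10.8.3). The `version:"x.y.z"` pattern and the sample bundle are assumptions constructed for illustration, not the real bundle layout.

```python
# Added self-check, not Directus project code.
# Given the text of a compiled JS bundle, look for an embedded semver string
# and decide whether it is in the affected range (prior to 10.8.3).
import re
from typing import Optional, Tuple

# Release in which the version string stopped being shipped in the bundles.
FIXED_VERSION = (10, 8, 3)

# Constructed sample of what a leaking bundle might contain (assumption, not
# real Directus output).
SAMPLE_BUNDLE = 'const a={name:"directus",version:"10.7.2"};export default a;'

# Assumed pattern: a "version" key followed by a quoted MAJOR.MINOR.PATCH value.
VERSION_RE = re.compile(
    r'version\s*[:=]\s*["\'](\d+\.\d+\.\d+(?:-[0-9A-Za-z.]+)?)["\']'
)


def parse_version(v: str) -> Tuple[int, int, int]:
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple; a pre-release tag is dropped."""
    core = v.split("-", 1)[0]
    major, minor, patch = (int(x) for x in core.split(".")[:3])
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the running version is prior to 10.8.3 (the fixed release)."""
    return parse_version(version) < FIXED_VERSION


def find_version_in_bundle(js_text: str) -> Optional[str]:
    """Return the first version-like string after a 'version' key, or None."""
    m = VERSION_RE.search(js_text)
    return m.group(1) if m else None


def check_bundle(js_text: str) -> Tuple[Optional[str], bool]:
    """Return (leaked version or None, whether that version is in the affected range)."""
    v = find_version_in_bundle(js_text)
    return (v, is_affected(v) if v else False)


if __name__ == "__main__":
    # Expected: ('10.7.2', True) for the constructed sample bundle.
    print(check_bundle(SAMPLE_BUNDLE))
```

After upgrading to 10.8.3 or newer, the same check run over the served bundles should return `(None, False)`.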

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-27296
GHSA-5MHG-WV8W-P59J

Affected Products

Directus