In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.
References
Link | Resource |
---|---|
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS | Technical Description Third Party Advisory |
https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md | Third Party Advisory |
https://github.com/directus/directus/pull/12022 | Patch Third Party Advisory |
https://github.com/directus/directus/releases/tag/v9.7.0 | Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-26T00:00:00
Updated: 2022-12-26T00:00:00
Reserved: 2022-03-12T00:00:00
Link: CVE-2022-26969
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-26T06:15:10.893
Modified: 2023-01-05T17:47:45.147
Link: CVE-2022-26969
JSON object: View
Redhat Information
No data.
CWE