Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility creates a memory issue that breaks the capability to generate random strings platform-wide. This results in a denial of service in which logged-in sessions can no longer be refreshed, because sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| directus (npm) | 0 | 10.11.2 | N/A |
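
A defensive pattern for the class of bug described above: validate an untrusted length parameter before it reaches the random string generator, and turn bad input into a client error. This is an added example, not Directus code; `parseLength`, `randomString`, `handleRandomStringRequest`, the default of 32 and the cap of 500 are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not taken from the Directus code base.
const { randomInt } = require('node:crypto');

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const DEFAULT_LENGTH = 32; // assumed default
const MAX_LENGTH = 500;    // assumed upper bound

class InvalidLengthError extends Error {}

// Turn an untrusted query-string value into a bounded integer length.
function parseLength(raw) {
  if (raw === undefined) return DEFAULT_LENGTH;
  // Digits only: rejects "abc", "", "1e3", "-5", "12.5", arrays and objects.
  if (typeof raw !== 'string' || !/^[0-9]{1,4}$/.test(raw)) {
    throw new InvalidLengthError('length must be a positive integer');
  }
  const n = Number.parseInt(raw, 10);
  if (n < 1 || n > MAX_LENGTH) {
    throw new InvalidLengthError(`length must be between 1 and ${MAX_LENGTH}`);
  }
  return n;
}

// The generator re-checks its argument, so NaN or a non-integer can never
// reach the randomness source even if a caller skips parseLength().
function randomString(length) {
  if (!Number.isSafeInteger(length) || length < 1 || length > MAX_LENGTH) {
    throw new InvalidLengthError('length must be a validated integer');
  }
  let out = '';
  for (let i = 0; i < length; i++) {
    out += ALPHABET[randomInt(ALPHABET.length)]; // uniform pick, no modulo bias
  }
  return out;
}

// Request-handler shape: invalid input becomes a 400, not an exception.
function handleRandomStringRequest(query) {
  try {
    return { status: 200, body: randomString(parseLength(query.length)) };
  } catch (err) {
    if (err instanceof InvalidLengthError) return { status: 400, body: err.message };
    throw err;
  }
}
```
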
CVSS Metrics