SB20240708105 - Server-Side Request Forgery (SSRF) in Directus

Published: July 8, 2024 Updated: April 23, 2026

Security Bulletin ID SB20240708105
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-39699)

The vulnerability allows a remote user to make the server issue HTTP GET requests to resources on its internal network.

The vulnerability exists because the URL-based file import follows HTTP redirects without validating the redirect target. A remote user can supply a URL on a host they control that answers with a redirect to an internal IP address; the import then follows the redirect and issues an HTTP GET request to the internal resource.

The issue is blind: when the destination IP address is internal, the response is not returned to the user, so the impact is limited to the side effects of the GET request itself rather than reading the internal response.
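The bulletin describes a destination check that is applied to the submitted URL but not to the addresses a redirect chain leads to. The following is an added example, not Directus code, showing the shape of a fix: automatic redirect following is disabled, and every hop, including relative Location headers, scheme changes, numeric-host encodings and IPv6 literals, is checked against blocked address ranges before it is fetched. The hostnames, the in-memory DNS table and the HTTP responses are constructed stand-ins so the example runs offline; the resolver and transport are injected parameters so real (asynchronous) implementations can be substituted.

```javascript
// Added example (not Directus code): re-validate the destination of every
// redirect hop during a URL-based file import. DNS and HTTP are replaced by
// constructed in-memory tables so this runs offline; `resolve` and `transport`
// are injected so real async implementations can be swapped in.

// Ranges a file importer must never fetch from: RFC 1918, loopback, link-local
// (which includes the cloud metadata address), CGNAT and "this network".
const BLOCKED_V4 = [
  ['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['100.64.0.0', 10], ['0.0.0.0', 8],
];

function ipv4ToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) return null;
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function isBlockedIPv4(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return true; // unparsable: fail closed
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

function isBlockedAddress(ip) {
  const a = ip.toLowerCase();
  if (!a.includes(':')) return isBlockedIPv4(a);
  // IPv4-mapped IPv6, both as the URL parser serialises it (::ffff:7f00:1) and
  // in dotted form (::ffff:127.0.0.1), is judged by the embedded IPv4 address.
  const hex = a.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) {
    const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
    return isBlockedIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  const dotted = a.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) return isBlockedIPv4(dotted[1]);
  // Unspecified, loopback, unique-local (fc00::/7) and link-local (fe80::/10).
  return a === '::' || a === '::1' || /^f[cd]/.test(a) || /^fe[89ab]/.test(a);
}

// Constructed DNS answers and HTTP responses (hypothetical hosts, not real ones).
const DNS = {
  'cdn.example.com': '203.0.113.10',
  'attacker.example': '198.51.100.7',
  'internal.example': '10.0.0.5',
};
const HTTP = {
  'http://cdn.example.com/logo.png': { status: 200, body: 'PNG-bytes' },
  // Public host redirects straight into link-local space.
  'http://attacker.example/open': { status: 302, headers: { location: 'http://169.254.169.254/latest/meta-data/' } },
  // Relative redirect, then a public-looking hostname whose DNS answer is private.
  'http://attacker.example/hop1': { status: 302, headers: { location: '/hop2' } },
  'http://attacker.example/hop2': { status: 302, headers: { location: 'http://internal.example/' } },
  // Redirect that switches scheme.
  'http://attacker.example/file': { status: 302, headers: { location: 'file:///etc/passwd' } },
};

function checkDestination(url, resolve, hop) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error(`hop ${hop}: blocked scheme ${u.protocol}`);
  }
  // The WHATWG URL parser has already normalised numeric hosts such as
  // 2130706433 or 0x7f.1 to dotted form; IPv6 literals arrive in brackets.
  const host = u.hostname.replace(/^\[|\]$/g, '');
  const ip = /^[\d.]+$|:/.test(host) ? host : resolve(host);
  if (ip === undefined || isBlockedAddress(ip)) {
    throw new Error(`hop ${hop}: blocked destination ${host} (${ip})`);
  }
  return u.href;
}

// Redirects are followed manually so each hop passes through checkDestination,
// which is exactly the step a client with automatic following would skip.
function safeImport(startUrl, { resolve = (h) => DNS[h], transport = (u) => HTTP[u], maxRedirects = 5 } = {}) {
  let url = startUrl;
  for (let hop = 0; hop <= maxRedirects; hop++) {
    url = checkDestination(url, resolve, hop);
    const res = transport(url);
    if (!res) throw new Error(`hop ${hop}: no response for ${url}`);
    const location = res.headers && res.headers.location;
    if (res.status >= 300 && res.status < 400 && location) {
      url = new URL(location, url).href; // Location may be relative to the current URL
      continue;
    }
    return { url, status: res.status, body: res.body };
  }
  throw new Error('too many redirects');
}

// Returns a verdict object instead of throwing, for callers that log and move on.
function tryImport(url, opts) {
  try { return { ok: true, ...safeImport(url, opts) }; }
  catch (e) { return { ok: false, error: e.message }; }
}
```

With a real HTTP client the same loop applies once automatic following is turned off (for example `redirect: 'manual'` with the fetch API). One gap the example does not close: the name is resolved for the check and then resolved again by the client when it connects, so a DNS answer that changes between the two lookups (DNS rebinding) can still reach a private address; production code should connect to the address it validated, for instance through a custom lookup on the HTTP agent.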


Remediation

Install the update from the vendor's website.