CVE-2024-27296

Directus version number disclosure

Description

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer.

Category

5.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.25%
Vendor Advisory github.com
Affected: directus directus
Published at:
Updated at:

References

Link Tags
https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j vendor advisory
https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0 patch

Frequently Asked Questions

What is the severity of CVE-2024-27296?
CVE-2024-27296 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27296?
To fix CVE-2024-27296, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27296 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27296 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27296?
CVE-2024-27296 affects directus directus.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.