CVE-2020-19850: Directus API vulnerable to denial of service
CVSS Score: 6.5 (CVSS 3.1)
Basic Information
CVE ID: CVE-2020-19850
GHSA ID
EPSS Score: 0.47847%
CWE: CWE-400
Published: 4/4/2023
Updated: 4/7/2023
KEV Status: No
Technology: JavaScript
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
directus | npm | = 2.2.0 | 2.2.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information indicates a general lack of request rate limiting in Directus API v2.2.0, but does not specify any particular functions responsible for this weakness. Without access to the GitHub patch details, commit diffs, or specific code references from the advisory (beyond high-level issue mentions), there is insufficient evidence to identify exact vulnerable functions with high confidence. The CWE-400 classification suggests a systemic issue in request handling infrastructure rather than a localized function vulnerability. The patched version 2.2.1 likely introduced rate-limiting mechanisms, but the absence of technical implementation details prevents precise function identification.