
CVE-2020-19850: Directus API vulnerable to denial of service

CVSS Score: 6.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.47847%
Published: 4/4/2023
Updated: 4/7/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name: directus
Ecosystem: npm
Vulnerable Versions: = 2.2.0
First Patched Version: 2.2.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The available advisory information describes a general lack of request rate limiting in Directus API v2.2.0 but does not name any particular function responsible for the weakness. Without the GitHub patch, commit diffs, or specific code references (the advisory only mentions the issue at a high level), there is not enough evidence to identify the vulnerable functions with confidence. The CWE-400 (uncontrolled resource consumption) classification points to a systemic issue in the request-handling path rather than a bug localised to one function. Version 2.2.1 is listed as the first patched version and likely introduced some form of rate limiting, but without implementation details the exact change cannot be pinned down. Note that the CVSS vector scores the attack as network-reachable with low privileges (PR:L) and no user interaction, so any authenticated API user can trigger it, and the only scored impact is on availability.


WAF Protection Rules

WAF Rule

An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests.
