CVE-2023-28443, GHSA-8vg2-wf3q-mwv7
npm/directus
Insertion of Sensitive Information into Log File
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the directus_refresh_token
is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
All versions before 9.23.3
Upgrade to version 9.23.3 or above.
2023-03-24
source |