CVE-2024-47822: Directus inserts access token from query string into logs

April 14, 2025

Access token from query string is not redacted and is potentially exposed in system logs which may be persisted.

References

github.com/advisories/GHSA-vw58-ph65-6rxp
github.com/directus/directus
github.com/directus/directus/commit/2e893f9c576d5a02506272fe2c0bcc12e6c58768
github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp
nvd.nist.gov/vuln/detail/CVE-2024-47822

Code Behaviors & Features

Detect and mitigate CVE-2024-47822 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →