Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
📦 npm

GHSA-j3rg-3rgm-537h

MEDIUM

Directus vulnerable to Server-Side Request Forgery On File Import

Also known asCVE-2023-26492
Published
Mar 3, 2023
Updated
Nov 8, 2023
Affected
1 pkg
Patched
1 / 1
Exploits
1 known

EPSS Exploitation Probability

via FIRST.org ↗
1.0%probability of exploitation in next 30 days
Lower Risk57th percentile+0.73%
0.00%0.49%0.97%1.46%0.1%1.0%Dec 25Apr 26Jun 26

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected
📦directus

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects npm packages — download data is not available via public APIs for these ecosystems.

Description

Summary

Directus versions <=9.22.4 is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls that were implemented to patch vulnerability CVE-2022-23080 by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan (eg. can access internal metadata API for AWS at http://169.254.169.254 event if 169.254.169.254 is in the deny IP list).

Details

DNS rebinding attacks work by running a DNS name server that resolves two different IP addresses when a domain is resolved simultaneously. This type of attack can be exploited to bypass the IP address deny list validation that was added to /api/src/services/file.ts for the function importOne to mitigate the previous SSRF vulnerability CVE-2022-23080. The validation in /api/src/services/file.ts first checks if the resolved IP address for a domain name does not a resolve to an IP address in the deny list:

let ip = resolvedUrl.hostname;

if (net.isIP(ip) === 0) {
    try {
        ip = (await lookupDNS(ip)).address;
    } catch (err: any) {
        logger.warn(err, `Couldn't lookup the DNS for url ${importURL}`);
        throw new ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
            service: 'external-file',
        });
    }
}

if (env.IMPORT_IP_DENY_LIST.includes('0.0.0.0')) {
    const networkInterfaces = os.networkInterfaces();

    for (const networkInfo of Object.values(networkInterfaces)) {
        if (!networkInfo) continue;

        for (const info of networkInfo) {
            if (info.address === ip) {
                logger.warn(`Requested URL ${importURL} resolves to localhost.`);
                throw new ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
                    service: 'external-file',
                });
            }
        }
    }
}

if (env.IMPORT_IP_DENY_LIST.includes(ip)) {
    logger.warn(`Requested URL ${importURL} resolves to a denied IP address.`);
    throw new ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
        service: 'external-file',
    });
}

Once it validates that the resolved IP address is not in the deny list, then it uses axios to GET the url and saves the response content.

try {
    fileResponse = await axios.get<Readable>(encodeURL(importURL), {
        responseType: 'stream',
    });
} catch (err: any) {
    logger.warn(err, `Couldn't fetch file from url "${importURL}"`);
    throw new ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
        service: 'external-file',
    });
}

However, this validation check and fetching the web resource causes to DNS queries that enable a DNS rebinding attack. On the first DNS query, an attacker controlled name server can be configured to resolve to an external IP address that is not in the deny list to bypass the validation. Then when axios is called, the name server resolves the domain name to a local IP address.

PoC

To demonstrate we will be using an online tool named rebinder. Rebinder randomly changes the IP address it resolves to depending on the subdomain. For an example, 7f000001.8efa468e.rbndr.us can resolve to either 142.250.70.142 (google.com) or 127.0.0.1. Sending multiple POST requests to /files/import using this domain will eventually cause a resolution to 142.250.70.142 first to bypass the validation then fetch the sensitive from an internal server when axios is called.

The following screenshots show what it looks like when a successful attack occurs.

Downloading a file named secret.txt from a webserver running from http://127.0.0.1/secret.txt image

Receiving the request from the internal server. Note that the incoming connection is from 127.0.0.1. image

After downloading the file it leaks the content of the secret file. image

Impact

An attacker can exploit this vulnerability to access highly sensitive internal server and steal sensitive information. An example is on Cloud Environments that utilise internal APIs for managing machine and privileges. For an example, if directus is hosted on AWS EC2 instance and has an IAM role assigned to the EC2 instance then an attacker can exploit this vulnerability to steal the AWS access keys to impersonate the EC2 instance using the AWS API.

Affected Packages

1 total 1 fixed
EcosystemPackageVulnerable rangeFix
📦npmdirectusall versions9.23.0
Exploits & PoCs
1

Research use only. For defensive security, authorized penetration testing, and academic research only. Never execute exploit code against systems without explicit written authorization.

Directus is a real-time API and App dashboard for managing SQL database …

github.comNVDMar 2023

Detection & mitigation playbook

Open-source dependency

  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for directus. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update directus to 9.23.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-j3rg-3rgm-537h is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-j3rg-3rgm-537h is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-j3rg-3rgm-537h. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary Directus versions <=9.22.4 is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls that were implemented to patch vulnerability [CVE-2022-23080](https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2934713) by performing a [DNS rebinding attack](https://en.wikipedia.org/wiki/DNS_rebinding) and view sensitive data from internal servers or perform a local port scan (eg. can access internal metadata API for AWS at `http://169.254.169.254` event if `169.254.169.254` is in the de
O3 Security · Impact-Aware SCA

Is GHSA-j3rg-3rgm-537h in your dependencies?

O3 detects GHSA-j3rg-3rgm-537h across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works