How severe is CVE-2022-36031?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-36031?

This is classified as CWE-755, which is a common weakness in software security.

CVE-2022-36031 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`.

Related Vulnerabilities

CVE-2011-2336

MEDIUM

CVSS:6.5(Medium)

An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.

CWE-7552011

CVE-2011-2807

MEDIUM

CVSS:6.5(Medium)

Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.

CWE-7552011

CVE-2016-11034

MEDIUM

CVSS:6.5(Medium)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Sams...

CWE-7552016

CVE-2017-9658

MEDIUM

CVSS:6.5(Medium)

Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff t...

CWE-7552017

CVE-2018-1269

MEDIUM

CVSS:6.5(Medium)

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing cer...

CWE-7552018

CVE-2019-0144

MEDIUM

CVSS:6.5(Medium)

Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

CWE-7552019