CVE-2020-19850: [SECURITY] Replay Attack · Issue #982 · directus/v8-archive
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a large number of HTTP requests.
You have these 2 options in the api config which can restrict access and add a rate limit.
    // CORS controls which browser origins may call the API; it does not throttle requests
    'cors' => [
        'enabled' => true,
        'origin' => ['*'],           // '*' permits any origin; narrow this to your front-end hosts
        'methods' => [
            'GET',
            'POST',
            'PUT',
            'PATCH',
            'DELETE',
            'HEAD',
        ],
        'headers' => [],
        'exposed_headers' => [],
        'max_age' => null,           // in seconds
        'credentials' => false,
    ],

    // Per-client request throttling, backed by Redis
    'rate_limit' => [
        'enabled' => false,          // defaults to off; set to true to enforce the limit below
        'limit' => 100,              // number of requests allowed per interval
        'interval' => 60,            // seconds
        'adapter' => 'redis',
        'host' => '127.0.0.1',
        'port' => 6379,
        'timeout' => 10,             // seconds to wait for the Redis connection
    ],
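The `rate_limit` block above gives a `limit` and an `interval` but does not say what they mean at run time or where such a limiter is weak. The following Python is an added example, not Directus code, and it does not claim to be the exact algorithm Directus v8 used: it models the common Redis INCR/EXPIRE fixed-window counter (the `redis` adapter named in the config) with an in-memory stand-in so it runs offline. The client address and request timestamps are constructed. It shows three things a practitioner would want to verify: a flood from one client is cut off after `limit` requests within one window, with `enabled => false` nothing is throttled at all, and a fixed window lets one client spend two full quotas within about a second either side of a window boundary, so `limit => 100` is really a ceiling of roughly 200 for a short burst.

```python
"""Fixed-window rate limiter modelled on a Redis INCR + EXPIRE counter.

Added illustration for the Directus `rate_limit` config (limit=100 per
interval=60 s). This is NOT Directus code and is not necessarily the
algorithm Directus v8 used; it exists to show what `limit`/`interval`
mean operationally and where a fixed window is weak.
"""
from dataclasses import dataclass, field


@dataclass
class FakeRedis:
    """In-memory stand-in for the two Redis commands a fixed-window
    limiter needs (INCR, EXPIRE). Expiry is driven by a caller-supplied
    clock so the simulation is deterministic and needs no server."""
    store: dict = field(default_factory=dict)  # key -> (count, expires_at)

    def incr(self, key, now):
        count, expires_at = self.store.get(key, (0, None))
        if expires_at is not None and now >= expires_at:
            count, expires_at = 0, None  # key expired: counter starts over
        count += 1
        self.store[key] = (count, expires_at)
        return count

    def expire(self, key, ttl, now):
        count, _ = self.store[key]
        self.store[key] = (count, now + ttl)


class FixedWindowLimiter:
    """Allow at most `limit` requests per `interval` seconds per client.
    The window starts at the first request that creates the key."""

    def __init__(self, limit, interval, redis=None):
        self.limit = limit
        self.interval = interval
        self.redis = redis or FakeRedis()

    def allow(self, client_id, now):
        key = f"rate_limit:{client_id}"
        count = self.redis.incr(key, now)
        if count == 1:
            # First hit in a fresh window: arm the TTL, as INCR+EXPIRE would.
            self.redis.expire(key, self.interval, now)
        return count <= self.limit


def simulate(timestamps, limit=100, interval=60, enabled=True,
             client_id="203.0.113.10"):
    """Replay request times (seconds, ascending) from one constructed
    client and return (allowed, denied, time_of_first_denial)."""
    if not enabled:
        # Mirrors 'enabled' => false in the config: nothing is throttled.
        return len(timestamps), 0, None
    limiter = FixedWindowLimiter(limit, interval)
    allowed = denied = 0
    first_denied_at = None
    for t in timestamps:
        if limiter.allow(client_id, t):
            allowed += 1
        else:
            denied += 1
            if first_denied_at is None:
                first_denied_at = t
    return allowed, denied, first_denied_at


if __name__ == "__main__":
    # 1) Flood: 1000 requests in 10 s from one address (constructed input).
    flood = [i / 100 for i in range(1000)]
    print("flood, limiter on :", simulate(flood))
    # 2) Same flood with the config's default 'enabled' => false.
    print("flood, limiter off:", simulate(flood, enabled=False))
    # 3) Boundary burst: 1 request opens the window at t=0, 99 more at
    #    t=59, then 100 at t=60 when the key has just expired. All 200
    #    pass, although 200 requests landed within about one second.
    burst = [0.0] + [59.0] * 99 + [60.0] * 100
    print("boundary burst    :", simulate(burst))
```

The third case is the caveat: a fixed window resets the counter at the boundary rather than tracking the trailing 60 seconds, so a patient attacker can double the nominal limit. If that matters for your deployment, a sliding window or token bucket closes the gap; either way the first step is still flipping `enabled` to `true`, since the shipped default enforces nothing.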
Related news
GHSA-3gvp-54v2-2jrp: Directus API vulnerable to denial of service