Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ejme-tqn4-byhk
Vulnerability ID VCID-ejme-tqn4-byhk
Aliases CVE-2024-27296
GHSA-5mhg-wv8w-p59j
Summary Directus version number disclosure ### Impact Currently the exact Directus version number is being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. ### Patches The problem has been resolved in versions 10.8.3 and newer ### Workarounds None
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00437 https://api.first.org/data/v1/epss?cve=CVE-2024-27296
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5mhg-wv8w-p59j
cvssv3.1 5.3 https://github.com/directus/directus
generic_textual MODERATE https://github.com/directus/directus
cvssv3.1 5.3 https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0
generic_textual MODERATE https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0
ssvc Track https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0
cvssv3.1 5.3 https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j
cvssv3.1_qr MODERATE https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j
generic_textual MODERATE https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j
ssvc Track https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-27296
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-27296
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-27296
https://github.com/directus/directus
https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0
CVE-2024-27296 https://nvd.nist.gov/vuln/detail/CVE-2024-27296
GHSA-5mhg-wv8w-p59j https://github.com/advisories/GHSA-5mhg-wv8w-p59j
GHSA-5mhg-wv8w-p59j https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/directus/directus
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-01T19:28:33Z/ Found at https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-01T19:28:33Z/ Found at https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27296
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.63372
EPSS Score 0.00437
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:03:31.628460+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/directus/CVE-2024-27296.yml 38.6.0