VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-syj4-5j4a-hkct

Vulnerability ID	VCID-syj4-5j4a-hkct
Aliases	CVE-2023-45820 GHSA-hmgw-9jrg-hf2m
Summary	Directus crashes on invalid WebSocket message Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-755	Improper Handling of Exceptional Conditions
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb
		https://github.com/directus/directus/releases/tag/v10.6.2
CVE-2023-45820		https://nvd.nist.gov/vuln/detail/CVE-2023-45820
GHSA-hmgw-9jrg-hf2m		https://github.com/advisories/GHSA-hmgw-9jrg-hf2m
GHSA-hmgw-9jrg-hf2m		https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:46:08.643073+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/directus/CVE-2023-45820.yml	38.6.0