12Mar
CVE-2024-28239 | Directus up to 10.9.x API GET Request google redirect (GHSA-fr3w-2p22-6w7p)
A vulnerability was found in Directus up to 10.9.x. It has been classified as problematic. This affects an unknown part of the file directus/auth/login/google of the component API GET Request Handler. The manipulation of the argument redirect leads to open redirect. This vulnerability is uniquely identified as CVE-2024-28239. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.