CVE-2024-39701 Information

Description

Directus is a real-time API and App dashboard for managing SQL database content. Directus >=9.23.0 <=v10.5.3 improperly handles _in _nin operators. It evaluates empty arrays as valid so expressions like ole\

Reference

https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm