Severity: Critical
CVSS Score: 9.8
In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.