Closed sofiachakir closed 4 months ago
Directus9 allow redacted data extraction on the API through "alias".
This security vulnerability is documented here and here.
This PR fixes the issue by checking if the alias fields are supposed to be hashed.
Directus9 allow redacted data extraction on the API through "alias".
This security vulnerability is documented here and here.
This PR fixes the issue by checking if the alias fields are supposed to be hashed.