5 matches found

OSV
added 2026/03/26 8:32 p.m., 2 views

GO-2026-4719 Romeo is vulnerable to Archive Slip due to missing checks in sanitization in github.com/ctfer-io/romeo/webserver

Romeo is vulnerable to Archive Slip due to missing checks in sanitization in github.com/ctfer-io/romeo/webserver...

8.3 CVSS, 5.9 AI score, 0.00434 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/26 8:32 p.m., 2 views

GO-2026-4712 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization in github.com/ctfer-io/monitoring

Monitoring is vulnerable to Archive Slip due to missing checks in sanitization in github.com/ctfer-io/monitoring...

9.8 CVSS, 5.9 AI score, 0.00655 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2026/03/18 10:24 p.m., 1 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

8.3 CVSS, 5.9 AI score, 0.00434 EPSS
Exploits: 1, References: 2

CVE
added 2026/03/18 10:24 p.m., 12 views

CVE-2026-32805

CVE-2026-32805 corresponds to an Archive Slip flaw in Romeo’s webserver sanitization (github.com/ctfer-io/romeo/webserver). The root cause is a missing trailing path separator in the strings.HasPrefix check within sanitizeArchivePath, enabling a crafted tar to traverse outside the intended destin...

8.3 CVSS, 5.9 AI score, 0.00434 EPSS
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2026/03/18 10:24 p.m., 2 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

8.3 CVSS, 6.5 AI score, 0.00434 EPSS
Exploits: 1, References: 4