10 matches found
CVE-2025-15414
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...
EUVD-2025-206134
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing manipulation of the argument uri can lead to server-side request forgery. The attack may be launched remotely...
CVE-2025-15414
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...
CVE-2025-15414
The CVE-2025-15414 issue affects go-sonic up to version 1.1.4, specifically the FetchTheme function in service/theme/git_fetcher.go of the Theme Fetching API. The root cause is manipulation of the uri argument that enables server-side request forgery (SSRF), with the attack potentially executable...
CVE-2025-15414 go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...
CVE-2025-15414 go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...
CVE-2025-15414
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...
PT-2026-1030
Name of the Vulnerable Software and Affected Versions go-sonic versions up to 1.1.4 Description A server-side request forgery issue exists in the Theme Fetching API of go-sonic. The flaw is located in the FetchTheme function within the service/theme/git fetcher.go file. Manipulation of the uri...
GO-2023-1509 Path Traversal in github.com/go-sonic/sonic
Path Traversal in github.com/go-sonic/sonic...
Path Traversal
github.com/go-sonic/sonic is vulnerable to Path Traversal. The vulnerability exists because the BackupWholeSite function of backup.go does not properly sanitize the file path in the toBackupPath parameter, allowing an attacker to access files outside the expected directory...