8 matches found
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the collaborator websocket feed, which broadcasts raw request headers, including sensitive authorization data, before access control is enforced. An attacker can gain unauthorized...
CVE-2026-40885
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...
CVE-2026-40885
CVE-2026-40885 (goshs) involves a credential leakage in goshs, a Go-based SimpleHTTPServer. From 2.0.0-beta.4 to beta.5, the public collaborator feed leaks file-based ACL credentials and can expose a victim’s folder-specific Basic auth header to unauthenticated websocket observers. This enables a...
CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...
CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...
GHSA-7H3J-592V-JCRP goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
Summary goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the collaborator websocket broadcasts raw request headers, including...
goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
Summary goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the collaborator websocket broadcasts raw request headers, including...
PT-2026-33234
Summary goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the collaborator websocket broadcasts raw request headers, including...