3 matches found
EUVD-2026-39535
SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...
golang: cmd/go: packages using cgo can cause arbitrary code execution at build time
A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...
PT-2009-6629 · Httpdx · Httpdx
Name of the Vulnerable Software and Affected Versions: httpdx versions 1.4.4 and earlier Description: The issue allows remote attackers to obtain the source code for a web page by appending a . dot character to the URI. Recommendations: For httpdx versions 1.4.4 and earlier, consider restricting...