BIT-GOLANG-2022-30632 Stack exhaustion on crafted paths in path/filepath

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators...

BIT-JENKINS-2021-21694

FilePathtoURI, FilePathhasSymlink, FilePathabsolutize, FilePathisDescendant, and FilePathgetDiskSpace do not check any permissions in Jenkins LTS 2.303.2 and earlier...

BIT-JENKINS-2021-21695

FilePathlistFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins LTS 2.303.2 and earlier...

BIT-GOLANG-2023-45283 Insecure parsing of Windows paths with a \??\ prefix in path/filepath

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

CentOS 9 : grafana-pcp-3.2.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the grafana-pcp-3.2.0-2.el9 build changelog. - net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - io/fs: stack exhaustion in Glob CVE-2022-30630 -...

Design/Logic Flaw

A user who is privileged already manager or admin can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack...

PT-2024-15650 · Git +2 · Anything-Llm +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A user who is already privileged as manager or admin can exploit this issue by setting their profile picture via the frontend API using a relative...

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

PT-2024-20241 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Amazon Linux AMI : golang (ALAS-2024-1903)

The version of golang installed on the remote host is prior to 1.20.12-1.49. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1903 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read ma...

Amazon Linux 2 : golang (ALAS-2024-2388)

The version of golang installed on the remote host is prior to 1.20.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2388 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many...

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-477)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-477 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP clie...

The vulnerability of the Go programming language’s filepath package, which allows attackers to disclose protected information

The vulnerability of the Go programming language’s filepath package is related to incorrect restrictions on the path name for restricted access directories. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information...

Fedora 39 : golang (2023-e57f5a2301)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e57f5a2301 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...

Fedora 38 : golang (2023-ace2655259)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ace2655259 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...

Fedora 37 : golang (2023-7e185b8c12)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7e185b8c12 advisory. Includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20-openssl (SUSE-SU-2023:4472-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4472-1 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing...