CVE-2020-28447 Command Injection

This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopenfilepath...

Uncontrolled Recursion

Overview std/path/filepath is a Go standard library package std/path/filepath Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion...

GO-2022-0522 Stack exhaustion on crafted paths in path/filepath

Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion...

PT-2022-20221 · Go +9 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in Glob in path/filepath, which allows an attacker to cause a panic due to stack exhaustion via a path containing a large...

go -- multiple vulnerabilities

The Go project reports: net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also...

Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-17956)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17956 advisory. go-toolset 1.18.3-1 - Update to golang 1.18.3 golang 1.18.3-1.0.1 - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify...

Album Lock 路径遍历漏洞

Album Lock is an application by Staral Wang personal developer. It is used to hide photos and videos. A path traversal vulnerability exists in Album Lock version 4.0, which stems from some unknown functionality of the file /getImage, where the operation parameter filePaht leads to path traversal...

Path Traversal

github.com/golang/go is vulnerable to Path Traversal. The vulnerability exists because the Clean function of path.go does not properly remove the . prefix when the file path contains :, allowing an attacker to access files outside the expected directory on windows...

CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...

CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...

FreeBSD : go -- multiple vulnerabilities (15888c7e-e659-11ec-b7fe-10c37b4ac2ea)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 15888c7e-e659-11ec-b7fe-10c37b4ac2ea advisory. - The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows...

CVE-2022-0779

CVE-2022-0779 affects the WordPress plugin User Meta (before 2.4.4). The vulnerability stems from the Ajax action um_show_uploaded_file not validating the filepath parameter, enabling a low-privilege user (e.g., subscriber) to perform path traversal and enumerate local server files. The Red Hat a...

go -- multiple vulnerabilities

The Go project reports: crypto/rand: rand.Read hangs with extremely large buffers On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 32 - 1 bytes. crypto/tls: session tickets lack random ticketageadd Session tickets generated by crypto/tls did not contain a randomly...

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

GHSA-C5R9-RX53-Q3GF Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries. This allows attackers...

Path Traversal in Jenkins

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection...

Alkacon Open CMS XSS via Logfile Viewer Settings function

Cross-site scripting XSS vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...

VulnCheck KEV: CVE-2020-14864

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...

The vulnerability of the FilePath#listFiles component in the Jenkins automation server, related to the absence of authentication procedures, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the FilePathlistFiles component in the Jenkins automation server is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the FilePath#reading(FileVisitor) component in the Jenkins automation server allows a malicious actor to have unlimited access to read files by using certain operations.

The vulnerability of the FilePathreadingFileVisitor component in Jenkins automation servers is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to gain unlimited access to files by performing certain operations...