43 matches found
CVE-2025-36530 Import Path Traversal Enables Unauthorized Unsigned Plugin Installation
Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...
CVE-2025-36530
Mattermost contains a path traversal vulnerability in the plugin import flow (affecting 9.11.x up to 9.11.17, 10.5.x up to 10.5.8, 10.8.x up to 10.8.3, 10.9.x up to 10.9.1). The root cause is improper validation of file paths during plugin import, which allows restricted admin users to install un...
JeecgBoot 安全漏洞
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot 3.8.0 and earlier versions that originates from resource consumption due to incorrect manipulation of the parameter File in the file...
Exploit for CVE-2025-31125
CVE-2025-31125 Exploit - Vite WASM Import Path Traversal 🛡️ T...
Malicious code in import-path-rewrite (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 363c6630aff7d40a97f07e4d51dbc96358a4ff0a5365c7587cf6570e7005cf8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10843 Malicious code in import-path-rewrite (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 363c6630aff7d40a97f07e4d51dbc96358a4ff0a5365c7587cf6570e7005cf8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Incorrect Import Path Directories
Lines of code Vulnerability details Impact Wrong Import Path Directories of LiquidationPair.sol contract would affect the functionality of the contract as this contract relies of the implementation of this imports Proof of Concept 4. import ILiquidationSource from...
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...
SUSE CVE-2018-7187
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...
SUSE CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.
The vulnerability of the “go get” command in the Go programming language is related to insufficient validation of input data insufficient checking of the import path when using the “-u” flag. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially create...
Security update for go (important)
This update for go fixes the following issues: - golang: arbitrary command execution via VCS path bsc1081495, CVE-2018-7187 - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely because GOPATH i...
Amazon Linux AMI : golang (ALAS-2018-1130)
In Go before 1.10.6 and 1.11.x before 1.11.3, the 'go get' command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
UBUNTU-CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
PT-2018-3478 · Go +2 · Go +2
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...
Go: Arbitrary code execution
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description A vulnerability in Go was discovered which does not validate the import path of remote repositories. Impact Remote attackers, by enticing a user to import from a...
The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary commands.
The vulnerability of the “go get” command in the Go programming language exists due to insufficient validation of input data insufficient checking of the import path when using the “-insecure” option. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...