Lucene search
+L

43 matches found

cvelist
cvelist
added 2025/08/21 7:11 a.m.8 views

CVE-2025-36530 Import Path Traversal Enables Unauthorized Unsigned Plugin Installation

Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...

6.8CVSS0.00461EPSS
Exploits0References1
cve
cve
added 2025/08/21 7:11 a.m.34 views

CVE-2025-36530

Mattermost contains a path traversal vulnerability in the plugin import flow (affecting 9.11.x up to 9.11.17, 10.5.x up to 10.5.8, 10.8.x up to 10.8.3, 10.9.x up to 10.9.1). The root cause is improper validation of file paths during plugin import, which allows restricted admin users to install un...

6.8CVSS7AI score0.00461EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2025/05/11 12:0 a.m.5 views

JeecgBoot 安全漏洞

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot 3.8.0 and earlier versions that originates from resource consumption due to incorrect manipulation of the parameter File in the file...

7.5CVSS3.9AI score0.00613EPSS
Exploits1References2
githubexploit
githubexploit
added 2025/05/07 7:45 a.m.354 views

Exploit for CVE-2025-31125

CVE-2025-31125 Exploit - Vite WASM Import Path Traversal 🛡️ T...

5.3CVSS6AI score0.58765EPSS
Exploits9
ossf
ossf
added 2024/11/17 11:24 p.m.5 views

Malicious code in import-path-rewrite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 363c6630aff7d40a97f07e4d51dbc96358a4ff0a5365c7587cf6570e7005cf8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
osv
osv
added 2024/11/17 11:24 p.m.7 views

MAL-2024-10843 Malicious code in import-path-rewrite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 363c6630aff7d40a97f07e4d51dbc96358a4ff0a5365c7587cf6570e7005cf8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
code423n4
code423n4
added 2023/08/07 12:0 a.m.17 views

Incorrect Import Path Directories

Lines of code Vulnerability details Impact Wrong Import Path Directories of LiquidationPair.sol contract would affect the functionality of the contract as this contract relies of the implementation of this imports Proof of Concept 4. import ILiquidationSource from...

7AI score
Exploits0
osv
osv
added 2023/04/03 7:15 p.m.7 views

CVE-2022-43771

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...

6.5CVSS5.8AI score0.23894EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 4:29 a.m.3 views

SUSE CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

8.8CVSS7.7AI score0.63229EPSS
Exploits1References11
susecve
susecve
added 2023/02/15 4:23 a.m.5 views

SUSE CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

7.5CVSS8.6AI score0.66252EPSS
Exploits0References38
bdu_fstec
bdu_fstec
added 2020/04/29 12:0 a.m.9 views

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the “go get” command in the Go programming language is related to insufficient validation of input data insufficient checking of the import path when using the “-u” flag. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially create...

9.3CVSS7.4AI score0.66252EPSS
Exploits0References10Affected Software2
opensuse
opensuse
added 2018/12/29 3:9 p.m.62 views

Security update for go (important)

This update for go fixes the following issues: - golang: arbitrary command execution via VCS path bsc1081495, CVE-2018-7187 - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely because GOPATH i...

9.3CVSS2.1AI score0.63229EPSS
Exploits1References3
nessus
nessus
added 2018/12/17 12:0 a.m.48 views

Amazon Linux AMI : golang (ALAS-2018-1130)

In Go before 1.10.6 and 1.11.x before 1.11.3, the 'go get' command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS8AI score0.66252EPSS
Exploits0References4
osv
osv
added 2018/12/14 2:29 p.m.24 views

CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

8.1CVSS7.1AI score0.05039EPSS
Exploits0References12
attackerkb
attackerkb
added 2018/12/14 2:29 p.m.4 views

CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS9.3AI score0.66252EPSS
Exploits0References15Affected Software1
osv
osv
added 2018/12/14 2:29 p.m.5 views

UBUNTU-CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS7.6AI score0.66252EPSS
Exploits0References3
cvelist
cvelist
added 2018/12/14 2:0 p.m.24 views

CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

6.8CVSS8.3AI score0.05039EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2018/09/07 12:0 a.m.12 views

PT-2018-3478 · Go +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...

9.8CVSS7.2AI score0.9857EPSS
Exploits233References381
gentoo
gentoo
added 2018/04/15 12:0 a.m.34 views

Go: Arbitrary code execution

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description A vulnerability in Go was discovered which does not validate the import path of remote repositories. Impact Remote attackers, by enticing a user to import from a...

9.3CVSS4AI score0.63229EPSS
Exploits1
bdu_fstec
bdu_fstec
added 2018/04/04 12:0 a.m.7 views

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary commands.

The vulnerability of the “go get” command in the Go programming language exists due to insufficient validation of input data insufficient checking of the import path when using the “-insecure” option. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...

9.3CVSS7.6AI score0.63229EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder