Lucene search
K

13 matches found

Veracode
Veracode
added 2026/05/16 5:25 a.m.6 views

Path Traversal

github.com/ctfer-io/monitoring is vulnerable to a Path Traversal. The vulnerability is due to a missing trailing path separator in the strings.HasPrefix check within the sanitizeArchivePath function, which allows an attacker to perform arbitrary file writes via a crafted archive, potentially...

9.8CVSS7.1AI score0.00655EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32771

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

8.8CVSS5.8AI score0.00655EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 2:39 a.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the sanitizeArchivePath function. An attacker can overwrite arbitrary files, such as shell configuration files, SSH keys, kubeconfig, or crontabs, by supplying crafted archive entries that exploit improper path...

9.8CVSS6.7AI score0.00655EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 12:29 a.m.21 views

CVE-2026-32771 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

8.8CVSS0.00655EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/20 12:29 a.m.4 views

CVE-2026-32771 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

8.8CVSS5.8AI score0.00655EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:29 a.m.4 views

CVE-2026-32771

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

8.8CVSS5.8AI score0.00655EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

Monitoring 路径遍历漏洞

Monitoring is an open-source component developed by CTFer.io for collecting and processing monitoring data. Versions of Monitoring prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from the sanitizeArchivePath function’s inability to prevent path traversal, which...

9.8CVSS6.8AI score0.00655EPSS
Exploits1References3
NVD
NVD
added 2026/03/18 11:17 p.m.5 views

CVE-2026-32805

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

8.3CVSS0.00434EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/18 10:24 p.m.22 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

8.3CVSS0.00434EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/18 10:24 p.m.2 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

8.3CVSS5.9AI score0.00434EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 10:24 p.m.4 views

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

8.3CVSS6.5AI score0.00434EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/16 8:46 p.m.13 views

Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...

9.8CVSS5.9AI score0.00655EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25863

Name of the Vulnerable Software and Affected Versions Romeo versions prior to 0.2.2 Description Romeo, a Go code coverage tool, contains a path traversal flaw in the sanitizeArchivePath function located in webserver/api/v1/decoder.go lines 80-88. This is due to a missing trailing path separator i...

8.3CVSS6.5AI score0.00434EPSS
Exploits1References11
Rows per page
Query Builder