13 matches found
SUSE CVE-2026-28682
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...
GO-2026-4613 Gokapi has Data Leak in Upload Status Stream in github.com/forceu/gokapi
Gokapi has Data Leak in Upload Status Stream in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
CVE-2026-28682
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...
CVE-2026-28682
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...
CVE-2026-28682 Gokapi: Data Leak in Upload Status Stream
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...
CVE-2026-28682 Gokapi: Data Leak in Upload Status Stream
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...
CVE-2026-28682
Gokapi CVE-2026-28682 affects the self-hosted file sharing server Gokapi prior to 2.2.3. The vulnerability lies in the upload status SSE implementation for /uploadStatus, which previously published the global upload state to any authenticated listener and included file_id values not scoped to the...
CVE-2026-28682 Gokapi: Data Leak in Upload Status Stream
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...
Gokapi 访问控制错误漏洞
Gokapi is a lightweight, self-hosted alternative to Firefox sending by Marc Bulling. Versions of Gokapi prior to 2.2.3 contained an access control vulnerability. This vulnerability stemmed from the SSE implementation for upload status on /uploadStatus, which exposed the global upload status to an...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the upload status SSE implementation on /uploadStatus, which publishes global upload state to any authenticated listener and includes fileid values not scoped to the requesting user. A...
GHSA-C36C-7PC2-F2PH Gokapi has Data Leak in Upload Status Stream
Description The upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting user. Impact Any authenticated user can observe other users' file identifiers and retrieve unauthorized...
Gokapi has Data Leak in Upload Status Stream
Description The upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting user. Impact Any authenticated user can observe other users' file identifiers and retrieve unauthorized...
PT-2026-23602
Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description Gokapi is a self-hosted file sharing server that supports automatic expiration and encryption. The upload status Server-Sent Events SSE implementation on the /uploadStatus API endpoint publishes globa...