6 matches found
GO-2022-1204 Yapscan's report receiver server vulnerable to path traversal and log injection in github.com/fkie-cad/yapscan
Yapscan's report receiver server vulnerable to path traversal and log injection in github.com/fkie-cad/yapscan...
GO-2023-1607 Yapscan Denial of Service vulnerability in report server in github.com/fkie-cad/yapscan
Yapscan Denial of Service vulnerability in report server in github.com/fkie-cad/yapscan...
GHSA-WXWQ-525W-HCQX Yapscan Denial of Service vulnerability in report server
Impact: If you use the report server, it may be vulnerable to a Denial of Service attack. Patches: Has been patched in v0.19.2. References: The vulnerability was inherited from the following upstream vulnerabilities: golang.org/x/text v0.3.7, golang.org/x/net 0.0.0-20220906165146-f3363e06e74c...
Path Injection
github.com/fkie-cad/yapscan is vulnerable to path injection. The vulnerability exists due to lack of permission validations in the report receiver server which allows an attacker to perform log injections...
GHSA-9H6H-9G78-86F7 Yapscan's report receiver server vulnerable to path traversal and log injection
Impact: If you make use of the report receiver server (experimental), a client may be able to forge requests such that arbitrary files on the host can be overwritten (subject to permissions of the yapscan server), leading to loss of data. This is particularly problematic if you do not authenticate...
Yapscan's report receiver server vulnerable to path traversal and log injection
Impact: If you make use of the report receiver server (experimental), a client may be able to forge requests such that arbitrary files on the host can be overwritten (subject to permissions of the yapscan server), leading to loss of data. This is particularly problematic if you do not authenticate...