github.com/sjqzhang/go-fastdfs is vulnerable to Path Traversal. The vulnerability exists because the Upload
function of fileserver.go
does not properly check custom paths, which allows an attacker to access files outside the expected directory through the /group1/upload
in the File Upload Handler
component.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/sjqzhang/go-fastdfs | le | v1.4.3 | |
github.com/sjqzhang/go-fastdfs | le | v1.4.3 |