CVE-2023-1800
CRITICAL 9.8 | EPSS 47.3%
sjqzhang go-fastdfs vulnerable to path traversal
Published: 4/2/2023 | Modified: 5/20/2024
Description
sjqzhang go-fastdfs up to 1.4.3 is vulnerable to path traversal in the `upload` function that serves `/group1/upload`, part of the `File Upload Handler` component. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Affected packages (2)
- Go / github.com/sjqzhang/go-fastdfs: from 0, < 1.4.5-0.20230408141131-61cbff5124c6
- Go / github.com/sjqzhang/go-fastdfs: from 0, < 1.4.5-0.20230408141131-61cbff5124c6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY: https://github.com/advisories/GHSA-xq3x-grrj-fj6x
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-1800
- PATCH: https://github.com/sjqzhang/go-fastdfs
- WEB: https://github.com/sjqzhang/go-fastdfs/commit/61cbff5124c61e292994099372b11c06cdb5b80b
- WEB: https://github.com/yangyanglo/ForCVE/blob/93a16663cd32a36d37d8a0f0102e1592254d0279/2023-0x05.md
- WEB: https://github.com/yangyanglo/ForCVE/blob/main/2023-0x05.md
- WEB: https://vuldb.com/?ctiid.224768
- WEB: https://vuldb.com/?id.224768