CVE-2025-24366
HIGH7.5EPSS 1.3%SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo
發布日:2025/2/7修改日:2026/3/3
描述
SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: .
受影響套件(4)
- Go/github.com/drakkan/sftpgofrom 0, <= 1.2.2
- Go/github.com/drakkan/sftpgofrom 0
- Go/github.com/drakkan/sftpgo/v2>= 0.9.5, < 2.6.5
- Go/github.com/drakkan/sftpgo/v2from 0, < 2.6.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |