Vulnerability Report: GO-2023-1713

CVE-2023-1800, GHSA-xq3x-grrj-fj6x
Affects: github.com/sjqzhang/go-fastdfs
Published: Apr 12, 2023
Modified: May 20, 2024

An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-xq3x-grrj-fj6x.

Affected Packages

Path

Go Versions

Symbols
github.com/sjqzhang/go-fastdfs/server

before v1.4.5-0.20230408141131-61cbff5124c6
8 affected symbols

Aliases

CVE-2023-1800
GHSA-xq3x-grrj-fj6x

References

https://github.com/yangyanglo/ForCVE/blob/93a16663cd32a36d37d8a0f0102e1592254d0279/2023-0x05.md
https://vuldb.com/?ctiid.224768
https://vuldb.com/?id.224768
https://github.com/sjqzhang/go-fastdfs/commit/61cbff5124c61e292994099372b11c06cdb5b80b
https://github.com/advisories/GHSA-xq3x-grrj-fj6x
https://vuln.go.dev/ID/GO-2023-1713.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL