CVE-2023-1800
Published 2023-04-02
Priority: P2 · 62 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.52% (87.8th percentile)
A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | sjqzhang_go-fastdfs | >= 0 < 1.4.5-0.20230408141131-61cbff5124c6 | 1.4.5-0.20230408141131-61cbff5124c6 |
| go-fastdfs_project | go-fastdfs | <= 1.4.3 | — |
| sjqzhang | go-fastdfs | — | — |
| sjqzhang | go-fastdfs | — | — |
| sjqzhang | go-fastdfs | — | — |
| sjqzhang | go-fastdfs | — | — |
CVSS provenance
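| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |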
OSV
Path traversal in github.com/sjqzhang/go-fastdfs
osv·2023-04-12
CVE-2023-1800
An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server.
GHSA
sjqzhang go-fastdfs vulnerable to path traversal
ghsa·2023-04-02
CVE-2023-1800 [CRITICAL] CWE-22
sjqzhang go-fastdfs up to 1.4.3 is vulnerable to path traversal in the function upload of the file `/group1/upload` of the component `File Upload Handler`. The attack may be launched remotely and the exploit has been disclosed to the public and may be used.
OSV
sjqzhang go-fastdfs vulnerable to path traversal
osv·2023-04-02
CVE-2023-1800 [CRITICAL]
sjqzhang go-fastdfs up to 1.4.3 is vulnerable to path traversal in the function upload of the file `/group1/upload` of the component `File Upload Handler`. The attack may be launched remotely and the exploit has been disclosed to the public and may be used.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-04-02