An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qdjNmLTdtMzMtcXA2Nc4AAze1
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename.
Thanks to the report from Mio Li [email protected]
commit 17e791afb90c9ad27c65f63c6be14f2f6a3a9d60 Author: Daniel Valdivia <[email protected]> Date: Tue May 23 08:47:12 2023 -0700 Replace RIGHT-TO-LEFT OVERRIDE unicode (#2828) Signed-off-by: Daniel Valdivia <[email protected]>
Workarounds are to remove the concerned file and rewrite it properly with the right file and extensions. Avoid using RTLO characters in your filenames.Permalink: https://github.com/advisories/GHSA-jv3f-7m33-qp65
Source: GitHub Advisory Database
Published: 6 months ago
Updated: 17 days ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-jv3f-7m33-qp65, CVE-2023-33955
Fixed in: 0.28.0