Security Advisories for github.com/patrickhener/goshs in go
Moderate
about 1 month ago
goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
go
github.com/patrickhener/goshs, github.com/patrickhener/goshs/v2
Low
about 2 months ago
Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint
go
github.com/patrickhener/goshs/v2, github.com/patrickhener/goshs
Critical
about 2 months ago
goshs has an empty-username SFTP password authentication bypass
go
github.com/patrickhener/goshs/v2, github.com/patrickhener/goshs
High
about 2 months ago
SFTP root escape via prefix-based path validation in goshs
go
github.com/patrickhener/goshs/v2, github.com/patrickhener/goshs
Critical
about 2 months ago
goshs has a file-based ACL authorization bypass in goshs state-changing routes
go
github.com/patrickhener/goshs
High
about 2 months ago
goshs is Missing Write Protection for Parametric Data Values
go
github.com/patrickhener/goshs
Critical
about 2 months ago
goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
go
github.com/patrickhener/goshs
Critical
about 2 months ago
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
go
github.com/patrickhener/goshs
Critical
about 2 months ago
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
go
github.com/patrickhener/goshs
Critical
about 1 year ago
goshs route not protected, allows command execution
go
github.com/patrickhener/goshs