CVE-2026-35392: goshs Path Traversal Vulnerability (CRITICAL)
Plattform
go
Komponente
github.com/patrickhener/goshs
Behoben in
1.1.5-0.20260401172448-237f3af891a9
CVE-2026-35392 is a critical path traversal vulnerability in github.com/patrickhener/goshs. The PUT upload functionality lacks path sanitization, allowing attackers to write files to arbitrary locations on the server. This affects the default configuration without requiring authentication. Upgrade to version 1.1.5-0.20260401172448-237f3af891a9 to resolve this issue.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-35392?
CVE-2026-35392 is a critical path traversal vulnerability in github.com/patrickhener/goshs that allows attackers to write files to arbitrary locations.
Am I affected by CVE-2026-35392?
You are affected if you are using a vulnerable version of github.com/patrickhener/goshs with the default configuration.
How do I fix CVE-2026-35392?
Upgrade to github.com/patrickhener/goshs version 1.1.5-0.20260401172448-237f3af891a9 or later.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten