CVE-2026-35393: goshs Path Traversal in Multipart Upload (CRITICAL)
Plattform
go
Komponente
github.com/patrickhener/goshs
Behoben in
1.1.5-0.20260401172448-237f3af891a9
CVE-2026-35393 is a critical path traversal vulnerability in github.com/patrickhener/goshs affecting POST multipart uploads. The target directory for uploads is not sanitized, allowing attackers to write files to arbitrary locations. This affects the default configuration without requiring authentication. Upgrade to version 1.1.5-0.20260401172448-237f3af891a9 to resolve this issue.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-35393?
CVE-2026-35393 is a critical path traversal vulnerability in github.com/patrickhener/goshs related to unsanitized POST multipart uploads.
Am I affected by CVE-2026-35393?
You are affected if you are using a vulnerable version of github.com/patrickhener/goshs with the default configuration.
How do I fix CVE-2026-35393?
Upgrade to github.com/patrickhener/goshs version 1.1.5-0.20260401172448-237f3af891a9 or later.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten