Описание
goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function dispatchReadPump does not checks the option cli -c, thus allowing anyone to execute arbitrary command through the use of websockets. Version 1.0.5 fixes the issue.
EPSS
Процентиль: 8%
0.00029
Низкий
9.4 Critical
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 9.4
github
9 месяцев назад
goshs route not protected, allows command execution
EPSS
Процентиль: 8%
0.00029
Низкий
9.4 Critical
CVSS3
Дефекты
CWE-77