Autobot23920

Name of the Vulnerable Software and Affected Versions goshs (affected versions not specified) Description goshs is susceptible to a critical path traversal flaw in the PUT upload functionality. The PUT upload process lacks proper path sanitization, allowing attackers to write arbitrary files to the system. The vulnerability resides in the `httpserver/updown.go` file, specifically lines 20-69, where the `req.URL.Path` is used directly to construct the save path without any validation or sanitization. This allows for the creation of files outside the intended webroot, potentially leading to system compromise. The API endpoint ''/'' is vulnerable, utilizing the PUT method. The vulnerable parameter is `req.URL.Path`. A proof-of-concept (PoC) demonstrates the ability to overwrite files on the system using URL-encoded '..' sequences to traverse the file system. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: goshs (affected versions not specified) Description: A path traversal flaw in goshs allows unauthorized file access and manipulation. The issue resides in the POST multipart upload functionality, specifically within the `httpserver/updown.go` file (lines 71-174). The vulnerability occurs because the target directory is derived from the unsanitized `req.URL.Path` variable, enabling attackers to traverse the file system using directory traversal sequences like `../..`. The filename is sanitized, but the path is not, allowing an attacker to write files to arbitrary locations. The API endpoint ''/upload'' is involved, and the `filename` parameter in the multipart upload is used to control the final filename on disk. This can lead to unauthenticated arbitrary file writes to any existing directory on the filesystem. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions goshs (affected versions not specified) Description A flaw exists in `goshs` that allows for arbitrary file or directory deletion due to a missing `return` statement after a path traversal check in the `deleteFile()` function (`httpserver/handler.go:645-671`). The vulnerability is triggered by a `GET` request to an endpoint like '/<path>?delete'. The function detects '..' in the decoded path but proceeds to `os.RemoveAll` without returning, leading to unauthenticated arbitrary file/directory deletion. The API endpoint ''/<path>?delete'' is vulnerable, with the `path` parameter being the key factor. The vulnerable function is `deleteFile()`. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.