CVE-2023-1800

Name of the Vulnerable Software and Affected Versions sjqzhang go-fastdfs versions up to 1.4.3

Description The issue is related to a path traversal vulnerability in the file upload function of the sjqzhang go-fastdfs distributed file system. This vulnerability can be exploited by a remote attacker to write arbitrary files and execute arbitrary commands. The attack involves manipulating the file path to access restricted directories. The vulnerability can be exploited remotely.

Recommendations For versions up to 1.4.3, as a temporary workaround, consider disabling the file upload function until a patch is available. Restrict access to the /group1/upload endpoint to minimize the risk of exploitation. Avoid using path traversal characters, such as ../, in the file upload function to prevent attackers from writing files to arbitrary locations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.