PT-2026-34060 · Goshs+1 · Goshs
Jaisurya-Me
·
Published
2026-04-21
·
Updated
2026-05-12
·
CVE-2026-40903
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
goshs versions prior to 2.0.0-beta.6
Description
goshs is a SimpleHTTPServer written in Go. An ArtiPACKED issue allows the leakage of the
GITHUB TOKEN through workflow artifacts, even when the token is not included in the repository source code.Recommendations
Update to version 2.0.0-beta.6.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Goshs