Closed julieqiu closed 2 years ago
In GitHub Security Advisory GHSA-f7ff-xf87-f22q, there is a vulnerability in the following Go packages or modules:
See doc/triage.md for instructions on how to triage this report.
packages: - package: github.com/mindoc-org/mindoc versions: - {} description: An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. published: 2022-05-27T00:00:29Z last_modified: 2022-06-09T22:54:49Z cves: - CVE-2022-29637 ghsas: - GHSA-f7ff-xf87-f22q links: context: - https://github.com/advisories/GHSA-f7ff-xf87-f22q
Vulnerability in tool.
Fix is in effectively internal packages.
Change https://go.dev/cl/592769 mentions this issue: data/reports: unexclude 50 reports
data/reports: unexclude 50 reports
In GitHub Security Advisory GHSA-f7ff-xf87-f22q, there is a vulnerability in the following Go packages or modules:
See doc/triage.md for instructions on how to triage this report.