github.com/gobbscom/go-bbs is vulnerable to Directory Traversal. The vulnerability exists in the init
function of router.go
, which allows an attacker to bypass file download restrictions through the /api/v1/download
component and download arbitrary file from the host.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/gobbscom/go-bbs | eq | HEAD | |
github.com/gobbscom/go-bbs | eq | HEAD |