Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes #2730 Change-Id: I9c60734d2ad51989ad9137260cbebfee22128872 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/579655 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
- Loading branch information
Showing
2 changed files
with
95 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2730", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"related": [ | ||
"CVE-2024-3400" | ||
], | ||
"summary": "Directory traversal in FilesystemStore in github.com/gorilla/sessions", | ||
"details": "FilesystemStore does not sanitize the Session.ID value, making it vulnerable to directory traversal attacks. If an attacker has control over the contents of the session ID, this can be exploited to write to arbitrary files in the filesystem.\n\nPrograms which do not set session IDs explicitly, or which only set session IDs that will not be interpreted by the filesystem, are not vulnerable.", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/gorilla/sessions", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": { | ||
"imports": [ | ||
{ | ||
"path": "github.com/gorilla/sessions", | ||
"symbols": [ | ||
"CookieStore.Get", | ||
"FilesystemStore.Get", | ||
"FilesystemStore.New", | ||
"FilesystemStore.Save", | ||
"FilesystemStore.erase", | ||
"FilesystemStore.load", | ||
"FilesystemStore.save", | ||
"Registry.Get", | ||
"Registry.Save", | ||
"Save", | ||
"Session.Save" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/gorilla/sessions/pull/274" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2730" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
id: GO-2024-2730 | ||
modules: | ||
- module: github.com/gorilla/sessions | ||
vulnerable_at: 1.2.2 | ||
packages: | ||
- package: github.com/gorilla/sessions | ||
symbols: | ||
- FilesystemStore.save | ||
- FilesystemStore.load | ||
- FilesystemStore.erase | ||
derived_symbols: | ||
- CookieStore.Get | ||
- FilesystemStore.Get | ||
- FilesystemStore.New | ||
- FilesystemStore.Save | ||
- Registry.Get | ||
- Registry.Save | ||
- Save | ||
- Session.Save | ||
summary: Directory traversal in FilesystemStore in github.com/gorilla/sessions | ||
description: |- | ||
FilesystemStore does not sanitize the Session.ID value, | ||
making it vulnerable to directory traversal attacks. | ||
If an attacker has control over the contents of the session ID, | ||
this can be exploited to write to arbitrary files in the | ||
filesystem. | ||
Programs which do not set session IDs explicitly, | ||
or which only set session IDs that will not be | ||
interpreted by the filesystem, are not vulnerable. | ||
related: | ||
- CVE-2024-3400 | ||
references: | ||
- fix: https://github.com/gorilla/sessions/pull/274 | ||
source: | ||
id: go-security-team | ||
created: 2024-04-17T07:45:30.470362-07:00 |