x/vulndb: potential Go vuln in github.com/drakkan/sftpgo: CVE-2022-39220 #1015
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2022-39220 references github.com/drakkan/sftpgo, which may be a Go module.
Description:
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.
References:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: