Affected by GO-2022-1161 and 2 other vulnerabilities

GO-2022-1161: AList vulnerable to Improper Preservation of Permissions in github.com/alist-org/alist

GO-2022-1171: Alist vulnerable to Path Traversal in github.com/alist-org/alist

GO-2024-3190: Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist

alist

command module

v3.1.0 Latest Latest Go to latest Published: Oct 7, 2022 License: AGPL-3.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

🗂️A file list program that supports multiple storage, powered by Gin and Solidjs.

Please go to our discussion forum for general questions, issues are for bug reports and feature request only.

The AList is open-source software licensed under the AGPL-3.0 license.

This program is a free and open source project. It is designed to share files on the network disk, which is convenient for downloading and learning golang. Please abide by relevant laws and regulations when using it, and do not abuse it;
This program is implemented by calling the official sdk/interface, without destroying the official interface behavior;
This program only does 302 redirect/traffic forwarding, and does not intercept, store, or tamper with any user data;
Before using this program, you should understand and bear the corresponding risks, including but not limited to account ban, download speed limit, etc., which is none of this program's business;
If there is any infringement, please contact me by email, and it will be dealt with in time.

@Blog · @GitHub · @TelegramGroup · @Discord

There is no documentation for this package.

Path	Synopsis
cmd
flags
drivers
123
139
189
189pc
aliyundrive
aliyundrive_share
baidu_netdisk
baidu_photo
base
ftp
google_drive
google_photo
lanzou
local
mediatrack
onedrive
pikpak
quark
s3
sftp
teambition
template
thunder
uss
virtual
webdav
webdav/odrvcookie Package odrvcookie can fetch authentication cookies for a sharepoint webdav endpoint	Package odrvcookie can fetch authentication cookies for a sharepoint webdav endpoint
yandex_disk
internal
aria2
bootstrap
bootstrap/data
conf
db
driver
errs
fs
fuse
message
model
op
setting
sign
pkg
aria2/rpc
cookie
cron
generic_sync
gowebdav Package gowebdav is a WebDAV client library with a command line tool included.	Package gowebdav is a WebDAV client library with a command line tool included.
gowebdav/cmd/gowebdav
sign
singleflight Package singleflight provides a duplicate function call suppression mechanism.	Package singleflight provides a duplicate function call suppression mechanism.
task Package task manage task, such as file upload, file copy between storages, offline download, etc.	Package task manage task, such as file upload, file copy between storages, offline download, etc.
utils
utils/random
public
server
common
handles
middlewares
static
webdav Package webdav provides a WebDAV server implementation.	Package webdav provides a WebDAV server implementation.
webdav/internal/xml Package xml implements a simple XML 1.0 parser that understands XML name spaces.	Package xml implements a simple XML 1.0 parser that understands XML name spaces.