Vulnerability Report: GO-2023-1555

CVE-2023-25168, GHSA-66p8-j459-rq63
Affects: github.com/pterodactyl/wings
Published: Aug 20, 2024
Unreviewed

Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system in github.com/pterodactyl/wings

For detailed information about this vulnerability, visit https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63 or https://nvd.nist.gov/vuln/detail/CVE-2023-25168.

Affected Modules

Path

Go Versions
github.com/pterodactyl/wings

before v1.7.4, from v1.11.0 before v1.11.4

Aliases

CVE-2023-25168
GHSA-66p8-j459-rq63

References

https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
https://nvd.nist.gov/vuln/detail/CVE-2023-25168
https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
https://vuln.go.dev/ID/GO-2023-1555.json

Feedback

This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL