CVE-2026-33528 (GCVE-0-2026-33528)
Vulnerability from cvelistv5 – Published: 2026-03-26 19:24 – Updated: 2026-03-27 13:57
VLAI?
Title
GoDoxy has a Path Traversal Vulnerability in its File API
Summary
GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = "config"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:"required"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container's UID. Version 0.27.5 fixes the issue.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33528",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:45:54.133084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:57:45.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "godoxy",
"vendor": "yusing",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = \"config\"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:\"required\"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container\u0027s UID. Version 0.27.5 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:24:50.452Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v"
},
{
"name": "https://github.com/yusing/godoxy/commit/a541d75bb50f1b542c096d8bc8082c3549f5c059",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yusing/godoxy/commit/a541d75bb50f1b542c096d8bc8082c3549f5c059"
},
{
"name": "https://github.com/yusing/godoxy/releases/tag/v0.27.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yusing/godoxy/releases/tag/v0.27.5"
}
],
"source": {
"advisory": "GHSA-4753-cmc8-8j9v",
"discovery": "UNKNOWN"
},
"title": "GoDoxy has a Path Traversal Vulnerability in its File API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33528",
"datePublished": "2026-03-26T19:24:50.452Z",
"dateReserved": "2026-03-20T18:05:11.830Z",
"dateUpdated": "2026-03-27T13:57:45.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33528\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-26T20:16:14.913\",\"lastModified\":\"2026-03-30T13:26:50.827\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = \\\"config\\\"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:\\\"required\\\"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container\u0027s UID. Version 0.27.5 fixes the issue.\"},{\"lang\":\"es\",\"value\":\"GoDoxy es un proxy inverso y orquestador de contenedores para autoalojadores. Antes de la versi\u00f3n 0.27.5, el endpoint de la API de contenido de archivos en \u0027/api/v1/file/content\u0027 es vulnerable a salto de ruta. El par\u00e1metro de consulta \u0027filename\u0027 se pasa directamente a \u0027path.Join(common.ConfigBasePath, filename)\u0027 donde \u0027ConfigBasePath = \\\"config\\\"\u0027 (una ruta relativa). No se aplica ninguna sanitizaci\u00f3n ni validaci\u00f3n m\u00e1s all\u00e1 de verificar que el campo no est\u00e9 vac\u00edo (\u0027binding:\\\"required\\\"\u0027). Un atacante autenticado puede usar secuencias \u0027../\u0027 para leer o escribir archivos fuera del directorio \u0027config/\u0027 previsto, incluyendo claves privadas TLS, tokens de actualizaci\u00f3n de OAuth y cualquier archivo accesible al UID del contenedor. La versi\u00f3n 0.27.5 soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://github.com/yusing/godoxy/commit/a541d75bb50f1b542c096d8bc8082c3549f5c059\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/yusing/godoxy/releases/tag/v0.27.5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33528\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T13:45:54.133084Z\"}}}], \"references\": [{\"url\": \"https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-27T13:45:48.406Z\"}}], \"cna\": {\"title\": \"GoDoxy has a Path Traversal Vulnerability in its File API\", \"source\": {\"advisory\": \"GHSA-4753-cmc8-8j9v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"yusing\", \"product\": \"godoxy\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.27.5\"}]}], \"references\": [{\"url\": \"https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v\", \"name\": \"https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/yusing/godoxy/commit/a541d75bb50f1b542c096d8bc8082c3549f5c059\", \"name\": \"https://github.com/yusing/godoxy/commit/a541d75bb50f1b542c096d8bc8082c3549f5c059\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/yusing/godoxy/releases/tag/v0.27.5\", \"name\": \"https://github.com/yusing/godoxy/releases/tag/v0.27.5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = \\\"config\\\"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:\\\"required\\\"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container\u0027s UID. Version 0.27.5 fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-26T19:24:50.452Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33528\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T13:57:45.401Z\", \"dateReserved\": \"2026-03-20T18:05:11.830Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-26T19:24:50.452Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-4753-CMC8-8J9V
Vulnerability from github – Published: 2026-03-24 16:35 – Updated: 2026-03-27 21:18
VLAI?
Summary
GoDoxy has a Path Traversal Vulnerability in its File API
Details
Summary
The file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath = "config" (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (binding:"required").
An authenticated attacker can use ../ sequences to read or write files outside the intended config/ directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container's UID.
Root Cause
File: internal/api/v1/file/get.go, lines 68-73:
func (t FileType) GetPath(filename string) string {
if t == FileTypeMiddleware {
return path.Join(common.MiddlewareComposeBasePath, filename)
}
return path.Join(common.ConfigBasePath, filename)
}
common.ConfigBasePath = "config"— relative path, not absolutepath.Join("config", "../certs/key.pem")normalizes to"certs/key.pem"— escapingconfig/- No call to
strings.HasPrefix,filepath.Rel, or any containment check exists - The
format:"filename"struct tag is an OpenAPI/Swagger annotation only, not enforced by the validator
Proof of Concept
Environment
- GoDoxy v0.27.4 (
ghcr.io/yusing/godoxy:latest) - Authentication enabled with default credentials (
admin/password)
Steps to Reproduce
Step 1 — Authenticate:
Step 2 — Read file outside config/ via path traversal:
GET /api/v1/file/content?type=config&filename=../certs/secret-agent-key.pem HTTP/1.1
Host: localhost:8888
Cookie: godoxy_token=<JWT>
HTTP Response
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 43
Content-Type: application/godoxy+yaml
Expires: 0
Pragma: no-cache
THIS_IS_A_SECRET_PRIVATE_KEY_FOR_AGENT_TLS
Impact
Files accessible via this vulnerability
Path (relative to config/) |
Contents | Risk |
|---|---|---|
../certs/agents/{host}.zip |
CA cert + server cert + TLS private key | Impersonate GoDoxy server to remote agents |
../data/oauth_refresh_tokens.json |
OIDC refresh tokens for all active sessions | Account takeover via token reuse |
../../etc/ssl/certs/ca-certificates.crt |
System CA certificates | Information disclosure |
| Any file readable by UID 1000 | Depends on mounted volumes | Variable |
The PUT /api/v1/file/content endpoint is also affected. While the content must pass YAML schema validation (config or provider format), an attacker can write valid provider YAML files outside config/, potentially injecting malicious route definitions.
Suggested Remediation
Validate that the resolved path remains within the base directory:
func (t FileType) GetPath(filename string) (string, error) {
var base string
if t == FileTypeMiddleware {
base = common.MiddlewareComposeBasePath
} else {
base = common.ConfigBasePath
}
absBase, _ := filepath.Abs(base)
resolved, _ := filepath.Abs(filepath.Join(base, filename))
if !strings.HasPrefix(resolved, absBase+string(filepath.Separator)) {
return "", fmt.Errorf("path traversal detected: %s", filename)
}
return resolved, nil
}
Severity ?
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/yusing/godoxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33528"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-24T16:35:30Z",
"nvd_published_at": "2026-03-26T20:16:14Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nThe file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = \"config\"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:\"required\"`).\n\nAn authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container\u0027s UID.\n\n## Root Cause\n\n**File:** `internal/api/v1/file/get.go`, lines 68-73:\n\n```go\nfunc (t FileType) GetPath(filename string) string {\n if t == FileTypeMiddleware {\n return path.Join(common.MiddlewareComposeBasePath, filename)\n }\n return path.Join(common.ConfigBasePath, filename)\n}\n```\n\n- `common.ConfigBasePath = \"config\"` \u2014 relative path, not absolute\n- `path.Join(\"config\", \"../certs/key.pem\")` normalizes to `\"certs/key.pem\"` \u2014 escaping `config/`\n- No call to `strings.HasPrefix`, `filepath.Rel`, or any containment check exists\n- The `format:\"filename\"` struct tag is an OpenAPI/Swagger annotation only, not enforced by the validator\n\n## Proof of Concept\n\n### Environment\n\n- GoDoxy v0.27.4 (`ghcr.io/yusing/godoxy:latest`)\n- Authentication enabled with default credentials (`admin`/`password`)\n\n### Steps to Reproduce\n\n**Step 1 \u2014 Authenticate:**\n\n**Step 2 \u2014 Read file outside config/ via path traversal:**\n\n```http\nGET /api/v1/file/content?type=config\u0026filename=../certs/secret-agent-key.pem HTTP/1.1\nHost: localhost:8888\nCookie: godoxy_token=\u003cJWT\u003e\n```\n\n### HTTP Response\n\n```\nHTTP/1.1 200 OK\nCache-Control: no-cache, no-store, must-revalidate\nContent-Length: 43\nContent-Type: application/godoxy+yaml\nExpires: 0\nPragma: no-cache\n\nTHIS_IS_A_SECRET_PRIVATE_KEY_FOR_AGENT_TLS\n```\n\u003cimg width=\"1489\" height=\"286\" alt=\"image\" src=\"https://github.com/user-attachments/assets/05f3464f-20ba-4913-830d-9fcc2fa1a2e3\" /\u003e\n\n## Impact\n\n### Files accessible via this vulnerability\n\n| Path (relative to `config/`) | Contents | Risk |\n|-------------------------------|----------|------|\n| `../certs/agents/{host}.zip` | CA cert + server cert + **TLS private key** | Impersonate GoDoxy server to remote agents |\n| `../data/oauth_refresh_tokens.json` | OIDC refresh tokens for all active sessions | Account takeover via token reuse |\n| `../../etc/ssl/certs/ca-certificates.crt` | System CA certificates | Information disclosure |\n| Any file readable by UID 1000 | Depends on mounted volumes | Variable |\n\nThe `PUT /api/v1/file/content` endpoint is also affected. While the content must pass YAML schema validation (config or provider format), an attacker can write valid provider YAML files outside `config/`, potentially injecting malicious route definitions.\n\n\n## Suggested Remediation\n\nValidate that the resolved path remains within the base directory:\n\n```go\nfunc (t FileType) GetPath(filename string) (string, error) {\n var base string\n if t == FileTypeMiddleware {\n base = common.MiddlewareComposeBasePath\n } else {\n base = common.ConfigBasePath\n }\n\n absBase, _ := filepath.Abs(base)\n resolved, _ := filepath.Abs(filepath.Join(base, filename))\n\n if !strings.HasPrefix(resolved, absBase+string(filepath.Separator)) {\n return \"\", fmt.Errorf(\"path traversal detected: %s\", filename)\n }\n\n return resolved, nil\n}\n```",
"id": "GHSA-4753-cmc8-8j9v",
"modified": "2026-03-27T21:18:00Z",
"published": "2026-03-24T16:35:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33528"
},
{
"type": "WEB",
"url": "https://github.com/yusing/godoxy/commit/a541d75bb50f1b542c096d8bc8082c3549f5c059"
},
{
"type": "PACKAGE",
"url": "https://github.com/yusing/godoxy"
},
{
"type": "WEB",
"url": "https://github.com/yusing/godoxy/releases/tag/v0.27.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "GoDoxy has a Path Traversal Vulnerability in its File API"
}
FKIE_CVE-2026-33528
Vulnerability from fkie_nvd - Published: 2026-03-26 20:16 - Updated: 2026-03-30 13:26
Severity ?
Summary
GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = "config"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:"required"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container's UID. Version 0.27.5 fixes the issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = \"config\"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:\"required\"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container\u0027s UID. Version 0.27.5 fixes the issue."
},
{
"lang": "es",
"value": "GoDoxy es un proxy inverso y orquestador de contenedores para autoalojadores. Antes de la versi\u00f3n 0.27.5, el endpoint de la API de contenido de archivos en \u0027/api/v1/file/content\u0027 es vulnerable a salto de ruta. El par\u00e1metro de consulta \u0027filename\u0027 se pasa directamente a \u0027path.Join(common.ConfigBasePath, filename)\u0027 donde \u0027ConfigBasePath = \"config\"\u0027 (una ruta relativa). No se aplica ninguna sanitizaci\u00f3n ni validaci\u00f3n m\u00e1s all\u00e1 de verificar que el campo no est\u00e9 vac\u00edo (\u0027binding:\"required\"\u0027). Un atacante autenticado puede usar secuencias \u0027../\u0027 para leer o escribir archivos fuera del directorio \u0027config/\u0027 previsto, incluyendo claves privadas TLS, tokens de actualizaci\u00f3n de OAuth y cualquier archivo accesible al UID del contenedor. La versi\u00f3n 0.27.5 soluciona el problema."
}
],
"id": "CVE-2026-33528",
"lastModified": "2026-03-30T13:26:50.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-26T20:16:14.913",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/yusing/godoxy/commit/a541d75bb50f1b542c096d8bc8082c3549f5c059"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/yusing/godoxy/releases/tag/v0.27.5"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/yusing/godoxy/security/advisories/GHSA-4753-cmc8-8j9v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…