{"vulnerability": "CVE-2020-3656", "sightings": [{"uuid": "1461f685-dfaa-4fc4-81f5-48e0eef93e8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36560", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11456", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36560\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.\n\ud83d\udccf Published: 2022-12-27T21:13:20.828Z\n\ud83d\udccf Modified: 2025-04-11T16:37:12.055Z\n\ud83d\udd17 References:\n1. https://github.com/artdarek/go-unzip/pull/2\n2. https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0\n3. https://snyk.io/research/zip-slip-vulnerability\n4. https://pkg.go.dev/vuln/GO-2020-0034", "creation_timestamp": "2025-04-11T16:51:03.000000Z"}, {"uuid": "fd421711-dcb0-47d9-98b5-b94f746547ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36567", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11486", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36567\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.\n\ud83d\udccf Published: 2022-12-27T20:58:14.400Z\n\ud83d\udccf Modified: 2025-04-11T16:45:40.135Z\n\ud83d\udd17 References:\n1. https://github.com/gin-gonic/gin/pull/2237\n2. https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d\n3. https://pkg.go.dev/vuln/GO-2020-0001", "creation_timestamp": "2025-04-11T17:51:31.000000Z"}, {"uuid": "35fefe7e-d9f3-434e-8c3c-ef945bcc19f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36569", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11526", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36569\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.\n\ud83d\udccf Published: 2022-12-27T21:12:58.427Z\n\ud83d\udccf Modified: 2025-04-11T23:03:20.527Z\n\ud83d\udd17 References:\n1. https://github.com/nanobox-io/golang-nanoauth/pull/5\n2. https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3\n3. https://pkg.go.dev/vuln/GO-2020-0004", "creation_timestamp": "2025-04-11T23:51:40.000000Z"}, {"uuid": "6efd14ee-fd37-49d6-9bab-95f6a7a85fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36568", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11525", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36568\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.\n\ud83d\udccf Published: 2022-12-27T21:12:40.154Z\n\ud83d\udccf Modified: 2025-04-11T23:04:53.092Z\n\ud83d\udd17 References:\n1. https://github.com/revel/revel/pull/1427\n2. https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605\n3. https://github.com/revel/revel/issues/1424\n4. https://pkg.go.dev/vuln/GO-2020-0003", "creation_timestamp": "2025-04-11T23:51:40.000000Z"}, {"uuid": "6751b835-1f06-4349-b52f-b8e8410e950a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36563", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11455", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36563\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.\n\ud83d\udccf Published: 2022-12-27T21:13:29.296Z\n\ud83d\udccf Modified: 2025-04-11T16:37:19.193Z\n\ud83d\udd17 References:\n1. https://github.com/RobotsAndPencils/go-saml/pull/38\n2. https://pkg.go.dev/vuln/GO-2020-0047", "creation_timestamp": "2025-04-11T16:51:02.000000Z"}, {"uuid": "47a2223b-e130-45f6-8d8c-17de6d6ec7bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36561", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11454", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36561\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.\n\ud83d\udccf Published: 2022-12-27T21:13:22.650Z\n\ud83d\udccf Modified: 2025-04-11T16:38:20.416Z\n\ud83d\udd17 References:\n1. https://github.com/yi-ge/unzip/pull/1\n2. https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73\n3. https://snyk.io/research/zip-slip-vulnerability\n4. https://pkg.go.dev/vuln/GO-2020-0035", "creation_timestamp": "2025-04-11T16:51:01.000000Z"}, {"uuid": "8067f067-d98f-4850-959a-9835ba903a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36564", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11467", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36564\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.\n\ud83d\udccf Published: 2022-12-27T21:13:31.590Z\n\ud83d\udccf Modified: 2025-04-11T16:26:19.344Z\n\ud83d\udd17 References:\n1. https://github.com/justinas/nosurf/pull/60\n2. https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314\n3. https://pkg.go.dev/vuln/GO-2020-0049", "creation_timestamp": "2025-04-11T16:51:21.000000Z"}, {"uuid": "1d7eff75-f7a6-4b7b-83ac-ee595ef98f56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36560", "type": "seen", "source": "https://t.me/cibsecurity/55458", "content": "\u203c CVE-2020-36560 \u203c\n\nDue to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:13.000000Z"}, {"uuid": "48b4aa57-16f7-444c-9112-2214626bf8b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36569", "type": "seen", "source": "https://t.me/cibsecurity/55453", "content": "\u203c CVE-2020-36569 \u203c\n\nAuthentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:05.000000Z"}, {"uuid": "2b1df909-844c-4b76-b8b8-d8ac38b62042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36566", "type": "seen", "source": "https://t.me/cibsecurity/55450", "content": "\u203c CVE-2020-36566 \u203c\n\nDue to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:11:59.000000Z"}, {"uuid": "867d4a1e-14c8-4993-9ddf-6060fec55f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36564", "type": "seen", "source": "https://t.me/cibsecurity/55445", "content": "\u203c CVE-2020-36564 \u203c\n\nDue to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:11:52.000000Z"}, {"uuid": "9e33e565-c8dc-4c2e-8634-3b8cf995efad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36568", "type": "seen", "source": "https://t.me/cibsecurity/55444", "content": "\u203c CVE-2020-36568 \u203c\n\nUnsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:11:51.000000Z"}, {"uuid": "704ff0a3-4f5e-408a-9b85-69f05e64c060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36561", "type": "seen", "source": "https://t.me/cibsecurity/55443", "content": "\u203c CVE-2020-36561 \u203c\n\nDue to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:11:50.000000Z"}, {"uuid": "581535e0-a6aa-468e-a3f2-079c556f8b37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36565", "type": "seen", "source": "https://t.me/cibsecurity/54130", "content": "\u203c CVE-2020-36565 \u203c\n\nDue to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-07T20:11:43.000000Z"}]}