blob: edb54c73103ef8a1da13a4e9b013825f11606417 [file] [log] [blame]
id: GO-2023-1600
modules:
- module: github.com/kitabisa/teler-waf
versions:
- fixed: 0.2.0
vulnerable_at: 0.1.2
packages:
- package: github.com/kitabisa/teler-waf
symbols:
- Teler.checkCommonWebAttack
derived_symbols:
- Teler.Analyze
- Teler.HandlerFuncWithNext
summary: Arbitrary code execution in github.com/kitabisa/teler-waf
description: |-
Improper handling of payload with special characters, such as CR/LF and
horizontal tab, can lead to execution of arbitrary JavaScript code.
cves:
- CVE-2023-26047
ghsas:
- GHSA-p2pf-g8cq-3gq5
references:
- advisory: https://github.com/advisories/GHSA-p2pf-g8cq-3gq5
- fix: https://github.com/kitabisa/teler-waf/commit/6e1b0e19b8adc1bbc3513a986025d4adf88d59f8
- web: https://github.com/kitabisa/teler-waf/releases/tag/v0.2.0
review_status: REVIEWED