blob: 268dde59aaa32cfbfa63d006628e8b99bb97e283 [file] [log] [blame]
id: GO-2023-1998
modules:
- module: github.com/projectdiscovery/nuclei/v2
versions:
- fixed: 2.9.9
vulnerable_at: 2.9.8
packages:
- package: github.com/projectdiscovery/nuclei/v2/cmd/nuclei
symbols:
- readConfig
derived_symbols:
- init#1
- main
- package: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators
symbols:
- New
- PayloadGenerator.loadPayloads
- package: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate
symbols:
- Init
- package: github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns
symbols:
- Request.Compile
- package: github.com/projectdiscovery/nuclei/v2/pkg/protocols/http
symbols:
- Request.Compile
- package: github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless
symbols:
- Request.Compile
- package: github.com/projectdiscovery/nuclei/v2/pkg/protocols/network
symbols:
- Request.Compile
- package: github.com/projectdiscovery/nuclei/v2/pkg/protocols/websocket
symbols:
- Request.Compile
summary: |-
Improper path sanitization in sandbox mode in
github.com/projectdiscovery/nuclei/v2
cves:
- CVE-2023-37896
ghsas:
- GHSA-2xx4-jj5v-6mff
credits:
- keomutchoiboi
references:
- advisory: https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-2xx4-jj5v-6mff
- fix: https://github.com/projectdiscovery/nuclei/pull/3927
- web: https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.9
review_status: REVIEWED