blob: 6070a3a92eaa277f9f9395bc60e297ca89e69407 [file] [log] [blame]
id: GO-2024-2730
modules:
- module: github.com/gorilla/sessions
vulnerable_at: 1.2.2
packages:
- package: github.com/gorilla/sessions
symbols:
- FilesystemStore.save
- FilesystemStore.load
- FilesystemStore.erase
derived_symbols:
- CookieStore.Get
- FilesystemStore.Get
- FilesystemStore.New
- FilesystemStore.Save
- Registry.Get
- Registry.Save
- Save
- Session.Save
summary: 'WITHDRAWN: Directory traversal in FilesystemStore in github.com/gorilla/sessions'
description: |-
(This report has been withdrawn on the grounds that it
generates too many false positives. Session IDs are
documented as not being suitable to hold user-provided
data.)
FilesystemStore does not sanitize the Session.ID value,
making it vulnerable to directory traversal attacks.
If an attacker has control over the contents of the session ID,
this can be exploited to write to arbitrary files in the
filesystem.
Programs which do not set session IDs explicitly,
or which only set session IDs that will not be
interpreted by the filesystem, are not vulnerable.
withdrawn: "2024-04-17T18:06:23Z"
related:
- CVE-2024-3400
references:
- fix: https://github.com/gorilla/sessions/pull/274
source:
id: go-security-team
created: 2024-04-17T07:45:30.470362-07:00
review_status: REVIEWED