blob: 59b393480152b3fcaadb5c31a3a6283d41f35b50 [file] [log] [blame]
id: GO-2023-1505
modules:
- module: github.com/uber/kraken
vulnerable_at: 0.1.4
packages:
- package: github.com/uber/kraken/lib/backend/testfs
symbols:
- Server.downloadHandler
- Server.Handler
summary: Arbitrary file read vulnerability in github.com/uber/kraken
description: kraken contains an arbitrary file read vulnerability via component testfs.
cves:
- CVE-2022-47747
ghsas:
- GHSA-hj4g-4w36-x8hp
references:
- report: https://github.com/uber/kraken/issues/333
- advisory: https://github.com/advisories/GHSA-hj4g-4w36-x8hp
review_status: REVIEWED