-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
GoGoMiggo AIRoot Cause AnalysisThe vulnerability stems from improper path sanitization in three key areas: (1) The SanitizeRepo function failed to normalize paths correctly by not using an absolute path before cleaning, allowing traversal sequences. (2) The reposPath function and its callers (e.g., CreateRepository, DeleteRepository) constructed repository paths using unsanitized names, enabling directory escape. (3) The checkIfCollab function processed raw user input without sanitization. The commit patches these by introducing absolute path handling in SanitizeRepo, replacing reposPath with a sanitized repoPath method, and adding SanitizeRepo to checkIfCollab. These changes confirm the original functions were vulnerable.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/charmbracelet/soft-serve | go | < 0.8.2 | 0.8.2 |
Ongoing coverage of React2Shell