filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.
{ "nvd_published_at": "2024-07-31T21:15:18Z", "cwe_ids": [ "CWE-295", "CWE-453" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-08-02T16:27:35Z" }