GHSA-cf7g-cm7q-rq7f

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-cf7g-cm7q-rq7f/GHSA-cf7g-cm7q-rq7f.json

Aliases

CVE-2022-39220

Published

2022-09-20T21:22:55Z

Modified

2022-09-23T17:07:44Z

Details

Impact

Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code.

Patches

Fixed in v2.3.5.

References

https://github.com/drakkan/sftpgo/security/advisories/GHSA-cf7g-cm7q-rq7f
https://nvd.nist.gov/vuln/detail/CVE-2022-39220
https://github.com/drakkan/sftpgo/commit/cbef217cfa92478ee8e00ba1a5fb074f8a8aeee0
https://github.com/drakkan/sftpgo

Affected packages

Go / github.com/drakkan/sftpgo

github.com/drakkan/sftpgo

Affected ranges