Sign in Book a demo Get started free

← All vulnerabilities

MEDIUMSupply chain

GHSA-GXJX-7M74-HCQ8

go · github.com/filebrowser/filebrowser/v2

Summary

File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

References

Related vulnerabilities

All Supply chain →

HIGHGHSA-R4GV-QR8J-P3PG
handlebars.java FileTemplateLoader Path Traversal
HIGHGHSA-R2WG-2MCR-66RV
Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
MEDIUMGHSA-J2C8-V969-8R5C
Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}
HIGHGHSA-PM6V-2H4W-4RP2
Gogs: Overwriting critical files results in a denial of service
HIGHGHSA-QRP7-CVWR-J2C6
Caddy: Windows `file_server` path authorization bypass via encoded backslash
HIGHGHSA-7CX2-G3H9-382P
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server