Primary

Context

kone-net go-chat Path Traversal Vulnerability in File Controller

Vulnerability

A critical path traversal vulnerability has been identified in kone-net go-chat versions up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. The issue resides in the GetFile function of the file go-chat/api/v1/file_controller.go, within the Endpoint component. This vulnerability allows remote attackers to read arbitrary files from the web server by manipulating the fileName parameter, exploiting a lack of input sanitization.

Impact

Exploitation of this vulnerability allows for arbitrary file read on the server, potentially leading to the disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, send a request to the /file/ endpoint with a crafted fileName parameter that includes directory traversal sequences, such as '../../../../etc/passwd'. This will bypass the application's file path restrictions and access the specified file on the server.

Added: Jul 11, 2025, 7:27 PM

Updated: Jul 11, 2025, 7:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

6.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

6.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

kone-net go-chat Path Traversal Vulnerability in File Controller

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating