goshs Path Traversal Vulnerability in deleteFile Function Allows Unauthenticated Arbitrary File Deletion
Vulnerability
A path traversal vulnerability has been identified in goshs versions through 2.0.0-beta.2. The issue arises in the deleteFile function, where a return statement is missing after a path traversal check: the check detects the traversal, but execution continues into the deletion code. This flaw allows unauthenticated deletion of arbitrary files or directories. The vulnerability is triggered by sending a GET request with a traversing path and a delete query parameter, which the server acts on even though the check has flagged the request.
Impact
Exploitation of this vulnerability allows unauthenticated users to delete arbitrary files or directories on the server where goshs is running.
Reproduction
To reproduce this vulnerability, send a GET request to a goshs server instance running a version prior to 2.0.0-beta.3. Include a path that traverses the directory structure (using '..') and append the delete query parameter. The server will respond with an error, but the targeted file or directory will be deleted.
Remediation
Users can upgrade to goshs version 2.0.0-beta.3 or later, where this vulnerability has been fixed.
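The bug class described above, as an added example that is not goshs source code: a check that reports an error but does not return, next to the form that returns early. The function names, status codes and temp-directory layout are assumptions made for illustration, and `filepath.IsLocal` (Go 1.20+) stands in for whatever traversal check the project uses.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// deleteBuggy models the flaw: the traversal check fires and an error status
// is chosen, but with no return the deletion below still runs.
func deleteBuggy(root, reqPath string) int {
	status := 200
	if !filepath.IsLocal(reqPath) { // rejects ".." escapes and absolute paths
		status = 400 // error reported, execution continues
	}
	os.RemoveAll(filepath.Join(root, reqPath))
	return status
}

// deleteFixed returns as soon as the check fails, so nothing is removed.
func deleteFixed(root, reqPath string) int {
	if !filepath.IsLocal(reqPath) {
		return 400
	}
	os.RemoveAll(filepath.Join(root, reqPath))
	return 200
}

// demo runs one handler on a constructed temp tree and returns its status and
// whether a file outside the web root survived the request.
func demo(del func(root, reqPath string) int) (int, bool) {
	base, _ := os.MkdirTemp("", "delete-demo")
	defer os.RemoveAll(base)
	root, outside := filepath.Join(base, "webroot"), filepath.Join(base, "outside.txt")
	os.Mkdir(root, 0o755)
	os.WriteFile(outside, []byte("keep"), 0o600) // constructed sample file
	status := del(root, "../outside.txt")
	_, err := os.Stat(outside)
	return status, err == nil
}

func main() {
	fmt.Println(demo(deleteBuggy)) // 400 false
	fmt.Println(demo(deleteFixed)) // 400 true
}
```

Both handlers answer with the same error status, so the response alone does not tell a patched server from an unpatched one; a regression test for this bug class has to assert on filesystem state.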
