You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/minio/console
versions:
- fixed: 0.28.0
packages:
- package: github.com/minio/console
summary: Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character
can be exploited
description: "### Impact\nUnicode RIGHT-TO-LEFT OVERRIDE characters can be used to
mask the original filename.\n\n### Reported-By\nThanks to the report from Mio
Li [[email protected]](mailto:[email protected])\n\n### Patches\n```\ncommit
17e791afb90c9ad27c65f63c6be14f2f6a3a9d60\nAuthor: Daniel Valdivia <[email protected]>\nDate:
\ Tue May 23 08:47:12 2023 -0700\n\n Replace RIGHT-TO-LEFT OVERRIDE unicode
(#2828)\n \n Signed-off-by: Daniel Valdivia <[email protected]>\n```\n\n###
Workarounds\nWorkarounds are to remove the concerned file and rewrite it properly
with the right file and extensions. Avoid using RTLO characters in your filenames."
cves:
- CVE-2023-33955
ghsas:
- GHSA-jv3f-7m33-qp65
references:
- advisory: https://github.com/minio/console/security/advisories/GHSA-jv3f-7m33-qp65
- fix: https://github.com/minio/console/commit/17e791afb90c9ad27c65f63c6be14f2f6a3a9d60
- advisory: https://github.com/advisories/GHSA-jv3f-7m33-qp65
The text was updated successfully, but these errors were encountered:
In GitHub Security Advisory GHSA-jv3f-7m33-qp65, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: