CVE-2022-38638

Missing Authorization in go/github.com/casdoor/casdoor

Identifiers

CVE-2022-38638

Package Slug

go/github.com/casdoor/casdoor

Vulnerability

Missing Authorization

Description

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.

Affected Versions

Version 1.97.3

Solution

Upgrade to version 1.103.1 or above.

Last Modified

2022-09-15

source