CVE-2023-33955, GHSA-jv3f-7m33-qp65
go/github.com/minio/console
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename.
Thanks to the report from Mio Li <wulilixi1@gmail.com>.
```
commit 17e791afb90c9ad27c65f63c6be14f2f6a3a9d60
Author: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
Date:   Tue May 23 08:47:12 2023 -0700

    Replace RIGHT-TO-LEFT OVERRIDE unicode (#2828)

    Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
```
As a workaround, remove the affected file and rewrite it properly with the right file name and extension. Avoid using RTLO characters in your filenames.
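To find objects that need this workaround, the following added example (not MinIO Console's own code or its fix) audits object names for bidirectional control characters and renders them with visible escapes, so the stored name is what an operator sees. The function names, the sample object names and the set of controls beyond U+202E are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// bidiControls: U+202E (RLO) is the character named in the advisory; the other
// embedding, override and isolate controls are an assumed, broader policy.
var bidiControls = map[rune]string{
	0x202A: "LRE", 0x202B: "RLE", 0x202C: "PDF", 0x202D: "LRO", 0x202E: "RLO",
	0x2066: "LRI", 0x2067: "RLI", 0x2068: "FSI", 0x2069: "PDI",
}

// Finding records where a bidi control sits in an object name (rune offset).
type Finding struct {
	Index int
	Name  string
}

// FindBidiControls returns every bidi control found in name, in logical order.
func FindBidiControls(name string) []Finding {
	var out []Finding
	for i, r := range []rune(name) {
		if n, ok := bidiControls[r]; ok {
			out = append(out, Finding{Index: i, Name: n})
		}
	}
	return out
}

// SafeDisplay rewrites each control as a visible \uXXXX escape so a UI or log
// shows the stored (logical) character order instead of the reordered rendering.
func SafeDisplay(name string) string {
	var b strings.Builder
	for _, r := range name {
		if _, ok := bidiControls[r]; ok {
			fmt.Fprintf(&b, "\\u%04X", r)
			continue
		}
		b.WriteRune(r)
	}
	return b.String()
}

func main() {
	// Constructed sample object names, not taken from the advisory.
	for _, n := range []string{"report.pdf", "report\u202Efdp.txt"} {
		fmt.Printf("%-24s findings=%v\n", SafeDisplay(n), FindBidiControls(n))
	}
}
```

Any name with a non-empty findings list is a candidate for removal and re-upload under a clean name.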
All versions before 0.28.0
Upgrade to version 0.28.0 or above.
2023-05-29