CVE-2022-46959: Path Traversal in github.com/go-sonic/sonic

January 23, 2023

An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.

References

github.com/advisories/GHSA-2x48-p6cq-5xcw
github.com/go-sonic/sonic/issues/56
github.com/go-sonic/sonic/pull/61/commits/3b00266a13fa69284f4b3f4b37d29be8f8e02f31
github.com/go-sonic/sonic/releases/tag/v1.0.5
nvd.nist.gov/vuln/detail/CVE-2022-46959

Detect and mitigate CVE-2022-46959 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →