Advisories for Golang/Github.com/Projectdiscovery/Nuclei/V2 package

2023

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users who run custom templates through Nuclei as Go code (SDK). CLI users are not affected. The problem was related to sanitization issues with payload loading in sandbox mode, which created a potential risk when payloads were loaded in that mode. The issue occurred due to relative paths not being converted to absolute …