{"id":"CVE-2023-1800","details":"A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.","aliases":["GHSA-xq3x-grrj-fj6x","GO-2023-1713"],"modified":"2026-03-15T22:44:26.792640Z","published":"2023-04-02T11:15:06.707Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?ctiid.224768"},{"type":"ADVISORY","url":"https://vuldb.com/?id.224768"},{"type":"EVIDENCE","url":"https://github.com/yangyanglo/ForCVE/blob/main/2023-0x05.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sjqzhang/go-fastdfs","events":[{"introduced":"0"},{"last_affected":"c042d8420124b474e92a2b2805cce30030c79db7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1800.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}