{"id":"CVE-2023-1800","details":"A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.","aliases":["GHSA-xq3x-grrj-fj6x","GO-2023-1713"],"modified":"2026-04-10T04:55:17.250511Z","published":"2023-04-02T11:15:06.707Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?ctiid.224768"},{"type":"ADVISORY","url":"https://vuldb.com/?id.224768"},{"type":"EVIDENCE","url":"https://github.com/yangyanglo/ForCVE/blob/main/2023-0x05.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sjqzhang/go-fastdfs","events":[{"introduced":"0"},{"last_affected":"c042d8420124b474e92a2b2805cce30030c79db7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.3"}]}}],"versions":["0.0.1","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.2.9","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.2","v1.4.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1800.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}