x/vulndb: potential Go vuln in github.com/charmbracelet/charm: CVE-2022-29180 #449
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2022-29180 references github.com/charmbracelet/charm, which may be a Go module.
Description:
A vulnerability in which attackers could forge HTTP requests to manipulate the
charm
data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hostedcharm
instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters.Additional notes
Links:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: