—
GO-2026-5625
goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS in github.com/patrickhener/goshs
Details
goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS in github.com/patrickhener/goshs
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/patrickhener/goshs
Introduced in:
0 No fixed version published yet for github.com/patrickhener/goshs (go modules). Pin to a known-safe version or switch to an alternative.
Go / goshs.de/goshs
Introduced in:
0 No fixed version published yet for goshs.de/goshs (go modules). Pin to a known-safe version or switch to an alternative.
References
- https://github.com/patrickhener/goshs/security/advisories/GHSA-rhf7-wvw3-vjvm [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-42091 [ADVISORY]
- https://github.com/patrickhener/goshs/commit/0e715b94e10c3d1aa552276000f15f104dee2f32 [FIX]
- https://github.com/patrickhener/goshs/releases/tag/v2.0.2 [WEB]