—
GO-2026-5302
ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data in github.com/shellhub-io/shellhub
Details
ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data in github.com/shellhub-io/shellhub
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/shellhub-io/shellhub
Introduced in:
0 Fixed in: 0.24.2 Fix
go get github.com/shellhub-io/shellhub@v0.24.2