网安资讯详情 - SecLens 情报雷达

go/github.com/gtsteffaniak/filebrowser/backend: FileBrowser Quantum: unauthenticated user share share info

来源： github_advisory · 发布时间 2026-05-20 04:14 (UTC+08:00) · 抓取时间 2026-05-20 09:45 (UTC+08:00)

原文链接

摘要

Severity: HIGH | CVE: CVE-2026-46410 | Package: go/github.com/gtsteffaniak/filebrowser/backend | Affected: < 0.0.0-20260514154726-1802e1281135 | Patched: 0.0.0-20260514154726-1802e1281135

正文

### Impact Some sensitive info -- such as source and path can get exposed. ### Patches Update to the latest version ### Workarounds no

标签

• ecosystem:go
• severity:high
• type:reviewed

扩展字段

{
  "cve_id": "CVE-2026-46410",
  "cwe_ids": [
    "CWE-200"
  ],
  "cwe_names": [
    "Exposure of Sensitive Information to an Unauthorized Actor"
  ],
  "ghsa_id": "GHSA-3jmg-p96m-m328",
  "package": {
    "ecosystem": "go",
    "name": "github.com/gtsteffaniak/filebrowser/backend",
    "patched_version": "0.0.0-20260514154726-1802e1281135",
    "vulnerable_range": "< 0.0.0-20260514154726-1802e1281135"
  },
  "references": [
    "https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-3jmg-p96m-m328",
    "https://github.com/gtsteffaniak/filebrowser/commit/1802e1281135cba83eb4acd86b58293fe121e2a5",
    "https://github.com/advisories/GHSA-3jmg-p96m-m328"
  ],
  "source_code_location": "https://github.com/gtsteffaniak/filebrowser",
  "updated_at": "2026-05-19T20:14:12Z"
}