GHSA-RHF7-WVW3-VJVM: GHSA-RHF7-WVW3-VJVM: Cross-Origin Arbitrary File Write via Missing CSRF Protection in goshs
GHSA-RHF7-WVW3-VJVM: Cross-Origin Arbitrary File Write via Missing CSRF Protection in goshs Vulnerability ID: GHSA-RHF7-WVW3-VJVM CVSS Score: 8.8 Published: 2026-04-23 The goshs application, a single-binary file server written in Go, suffers from a Cross-Origin Arbitrary File Write vulnerability. The flaw exists due to an incomplete security patch that neglected to enforce Cross-Site Request Forgery (CSRF) protections on the HTTP PUT method. When combined with an overly permissive Cross-Origin R
Comment
Sign in to join the discussion.
Loading comments…