CVE Details
Basic Information
| Field | Value |
|---|---|
| Title | letseeqiji gorobbs API user.go ResetUserAvatar path traversal |
| Type | cve |
| Published | 2025-07-11T17:02:05.790Z |
| Modified | 2025-07-11T17:02:05.790Z |
Product Information
| Field | Value |
|---|---|
| Vendor | letseeqiji |
| Product | gorobbs |
| Version | 1.0.0 |
CVSS Information
| Field | Value |
|---|---|
| Base Score | 5.3 (MEDIUM) |
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| Field | Value |
|---|---|
| AI Description | A path traversal vulnerability in the ResetUserAvatar function of the gorobbs API allows remote attackers to access unauthorized files by manipulating the filename argument. |
| AI Severity | Medium |
| AI Vendor | letseeqiji |
| AI Product | gorobbs |
| AI Version | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8 |
Affected Products
- letseeqiji gorobbs 1.0.0
- letseeqiji gorobbs 1.0.1
- letseeqiji gorobbs 1.0.2
- letseeqiji gorobbs 1.0.3
- letseeqiji gorobbs 1.0.4
- letseeqiji gorobbs 1.0.5
- letseeqiji gorobbs 1.0.6
- letseeqiji gorobbs 1.0.7
- letseeqiji gorobbs 1.0.8
Additional Information
| Field | Value |
|---|---|
| CWE List | CWE-22 |
| Source | VulDB |
Description
A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.