Closed
Description
CVE-2023-36458 references github.com/1Panel-dev/1Panel, which may be a Go module.
Description:
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.
References:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-36458
- JSON: https://github.com/CVEProject/cvelist/tree/8f68496b383774d91698a6d78b09674534632fdc/2023/36xxx/CVE-2023-36458.json
- advisory: GHSA-7x2c-fgx6-xf9h
- web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.3.6
- Imported by: https://pkg.go.dev/github.com/1Panel-dev/1Panel?tab=importedby
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/1Panel-dev/1Panel
vulnerable_at: 1.3.6
packages:
- package: 1Panel
description: |-
1Panel is an open source Linux server operation and maintenance management
panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious
payloads to achieve command injection when entering the container terminal. The
vulnerability has been fixed in v1.3.6.
cves:
- CVE-2023-36458
references:
- advisory: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7x2c-fgx6-xf9h
- web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.3.6