VYPR

Go modules package

github.com/ctfer-io/chall-manager

pkg:golang/github.com/ctfer-io/chall-manager

Vulnerabilities (3)

  • CVE-2025-53634Jul 10, 2025
    affected < 0.1.4fixed 0.1.4

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor aut

  • CVE-2025-53633Jul 10, 2025
    affected < 0.1.4fixed 0.1.4

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication

  • CVE-2025-53632Jul 10, 2025
    affected < 0.1.4fixed 0.1.4

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorizatio