VYPR

Go modules package

github.com/drakkan/sftpgo/v2

pkg:golang/github.com/drakkan/sftpgo/v2

Vulnerabilities (7)

  • CVE-2026-30915Mar 13, 2026
    affected >= 2.3.0, < 2.7.1fixed 2.7.1

    SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key pr

  • CVE-2026-30914Mar 13, 2026
    affected < 2.7.1fixed 2.7.1

    SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft sp

  • CVE-2025-24366HigFeb 7, 2025
    affected >= 0.9.5, < 2.6.5fixed 2.6.5

    SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it

  • CVE-2024-52801MedNov 29, 2024
    affected >= 2.3.0, < 2.6.4fixed 2.6.4

    sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since th

  • CVE-2024-52309MedNov 21, 2024
    affected >= 2.4.0, < 2.6.3fixed 2.6.3

    SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature i

  • CVE-2024-37897MedJun 20, 2024
    affected >= 2.2.0, < 2.6.1fixed 2.6.1

    SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the

  • CVE-2022-36071Sep 2, 2022
    affected >= 2.2.0, < 2.3.4fixed 2.3.4

    SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, s