Go modules package
github.com/syncthing/syncthing
pkg:golang/github.com/syncthing/syncthing
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-46165 | — | < 1.23.5 | 1.23.5 | Jun 6, 2023 | Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared fo | ||
| CVE-2021-21404 | — | < 1.15.0 | 1.15.0 | Apr 6, 2021 | Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a | ||
| CVE-2017-1000420 | — | <= 0.14.33 | — | Jan 2, 2018 | Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite |
- CVE-2022-46165Jun 6, 2023affected < 1.23.5fixed 1.23.5
Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared fo
- CVE-2021-21404Apr 6, 2021affected < 1.15.0fixed 1.15.0
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a
- CVE-2017-1000420Jan 2, 2018affected <= 0.14.33
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite