Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-jv3f-7m33-qp65

GitHub Security Advisory

Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact
Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename.

### Reported-By
Thanks to the report from Mio Li [[email protected]](mailto:[email protected])

### Patches
```
commit 17e791afb90c9ad27c65f63c6be14f2f6a3a9d60
Author: Daniel Valdivia <[email protected]>
Date: Tue May 23 08:47:12 2023 -0700

Replace RIGHT-TO-LEFT OVERRIDE unicode (#2828)

Signed-off-by: Daniel Valdivia <[email protected]>
```

### Workarounds
Workarounds are to remove the concerned file and rewrite it properly with the right file and extensions. Avoid using RTLO characters in your filenames.

Affected Packages

Go github.com/minio/console
Affected versions: 0 (fixed in 0.28.0)

Related CVEs

CVE-2023-33955

Key Information

GHSA ID
GHSA-jv3f-7m33-qp65
Published
May 26, 2023 1:57 PM
Last Modified
June 1, 2023 2:51 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/minio/console
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.