github.com/ctfer-io/chall-manager
Go3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/ctfer-io/chall-managerpage 1 of 1
- CVE-2025-53632CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.1.42025-07-10
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does no…
- CVE-2025-53633CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.1.42025-07-10
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Expl…
- CVE-2025-53634HIGHCVSS 7.5EG 7.5✓ Fixed in 0.1.42025-07-10
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitatio…
Check whether github.com/ctfer-io/chall-manager is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/ctfer-io/chall-manager CVEs against the assets you own.
Start Free Scan →