{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T01:27:29.076","vulnerabilities":[{"cve":{"id":"CVE-2025-46816","sourceIdentifier":"security-advisories@github.com","published":"2025-05-06T19:16:00.080","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function `dispatchReadPump` does not checks the option cli `-c`, thus allowing anyone to execute arbitrary command through the use of websockets. Version 1.0.5 fixes the issue."},{"lang":"es","value":"goshs es un SimpleHTTPServer escrito en Go. A partir de la versión 0.3.4 y anteriores a la 1.0.5, ejecutar goshs sin argumentos permite que cualquiera pueda ejecutar comandos en el servidor. La función `dispatchReadPump` no verifica la opción `-c` de la CLI, lo que permite que cualquiera ejecute cualquier comando mediante websockets. La versión 1.0.5 corrige este problema."}],"metrics":{"cvssMetricV30":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/patrickhener/goshs/commit/160220974576afe5111485b8d12fd36058984cfa","source":"security-advisories@github.com"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-rwj2-w85g-5cmm","source":"security-advisories@github.com"}]}}]}