[github.com/sjqzhang/go-fastdfs] sjqzhang go-fastdfs vulnerable to path traversal

sjqzhang go-fastdfs up to 1.4.3 is vulnerable to path traversal in the function upload of the file /group1/upload of the component File Upload Handler. The attack may be launched remotely and the exploit has been disclosed to the public and may be used.

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-1800
• https://github.com/yangyanglo/ForCVE/blob/main/2023-0x05.md
• https://vuldb.com/?ctiid.224768
• https://vuldb.com/?id.224768
• https://github.com/advisories/GHSA-xq3x-grrj-fj6x