CVE-2025-46816 – “goshs Command Injection Vulnerability”

May 6, 2025

CVE ID : CVE-2025-46816

Published : May 6, 2025, 7:16 p.m. | 19 minutes ago

Description : goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function `dispatchReadPump` does not checks the option cli `-c`, thus allowing anyone to execute arbitrary command through the use of websockets. Version 1.0.5 fixes the issue.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46820 – GitHub phpgt/Dom GitHub Token Disclosure

Next Article CVE-2025-4388 – Liferay Portal/DXP Reflected Cross-Site Scripting (XSS) Vulnerability

Highlights

Development

Jmeter get requests failing to exit for existing response

August 13, 2024

I want to let JMeter exit while controller when response value “model_name”: “Model-Corpus-JMeter2-0001-v1-8k” is found in response data.
sample response data:
{
“message”: “success”,
“valid_model_list”: [{
“meta_data”: {
“corpus_list”: [
“test1”
],
“id”: “1”,
“sample_rate”: 16000,
“test_duration”: “0.17 hrs”
},
“model_name”: “Model-Corpus-JMeter2-0001-v1-8k”,
“status”: “ok”
},
{
“meta_data”: {
“corpus_list”: [
“test1”
],
“id”: “2”,
“sample_rate”: 16000,
“test_duration”: “0.17 hrs”
},
“model_name”: “testmod2-v1-8k”,
“status”: “ok”
}
]
}

I have set while controller condition ${__jexl3(“${model_name}” != “Model-Corpus-JMeter2-0001-v1-8k”,)}
The JSON expression is tested works to extract a list of “model_name”.
however, the GET request isn’t exiting when the response value is already there.
Debug Sampler: captured model_name_18=Model-Corpus-JMeter2-0001-v1-8k

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

I never thought I’d love a triangular PC gaming headset, but these RGB-lit wireless cans are pretty great

When is the best time to book your flight? Google just gave us the golden answer

Diablo 4 gives you the chance to win a Mother’s Day candle and express your love (or hatred) with “Mother’s Judgement”

Here’s how to speedrun the Call of Duty: Black Ops 6 and Warzone Blaze of Glory event as fast as possible

Build Digital Assets & Earn Through Referrals with Biela — A Genuine Opportunity for Entrepreneurs

Build Digital Assets & Earn Through Referrals with Biela — A Genuine Opportunity for Entrepreneurs

Laravel Routing

Big Node, VS Code, and Mantine updates

I never thought I’d love a triangular PC gaming headset, but these RGB-lit wireless cans are pretty great

I never thought I’d love a triangular PC gaming headset, but these RGB-lit wireless cans are pretty great

Drakboot is a GRUB graphical configuration tool

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 19/2025

CVE-2025-46816 – “goshs Command Injection Vulnerability”

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

CVE-2025-4242 – PHPGurukul Online Birth Certificate System SQL Injection Vulnerability

nasirkhan/laravel-starter

timr – TUI to organize your time

Xbox and Microsoft pledge to double down on Windows improvements for gamers, as Valve’s Steam OS turns up the heat — now faced with real competition, it’s time for Windows change

Jmeter get requests failing to exit for existing response

CVE-2025-3979 – Dazhouda Lcms CSRF Vulnerability

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

This AI Paper Introduces a Novel Artificial Intelligence Approach in Precision Text Retrieval Using Retrieval Heads

CVE-2025-46816 – “goshs Command Injection Vulnerability”

Related Posts