{"url":"http://public2.vulnerablecode.io/api/packages/379759?format=json","purl":"pkg:golang/github.com/minio/minio@0.0.0-202303200415","type":"golang","namespace":"github.com/minio","name":"minio","version":"0.0.0-202303200415","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.0.0-202303200735","latest_non_vulnerable_version":"0.0.0-20251015170045-c1a49490c78e","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134259?format=json","vulnerability_id":"VCID-zfh9-8ej1-z7a6","summary":"Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. 
As a workaround, enable browser API access and remove the `MINIO_BROWSER=off` setting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28434","reference_id":"","reference_type":"","scores":[{"value":"0.52087","scoring_system":"epss","scoring_elements":"0.97974","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28434"},{"reference_url":"https://github.com/minio/minio","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/minio/minio"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28434","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28434"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28434","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28434"},{"reference_url":"https://github.com/minio/minio/pull/16849","reference_id":"16849","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:
N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:17:47Z/"}],"url":"https://github.com/minio/minio/pull/16849"},{"reference_url":"https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5","reference_id":"67f4ba154a27a1b06e48bfabda38355a010dfca5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:17:47Z/"}],"url":"https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"},{"reference_url":"https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c","reference_id":"GHSA-2pxw-r47w-4p8c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:17:47Z/"}],"url":"https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379759?format=json","purl":"pkg:golang/github.com/minio/minio@0.0.0-202303200415","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/minio/minio@0.0.0-202303200415"}],"aliases":["CVE-2023-28434","GHSA-2pxw-r47w-4p8c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfh9-8ej1-z7a6"}],"risk_score":null,"reso
urce_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/minio/minio@0.0.0-202303200415"}