CVE-2023-33955: Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited

First published: Fri May 26 2023(Updated: )

### Impact Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. ### Reported-By Thanks to the report from Mio Li [wulilixi1@gmail.com](mailto:wulilixi1@gmail.com) ### Patches ``` commit 17e791afb90c9ad27c65f63c6be14f2f6a3a9d60 Author: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Date: Tue May 23 08:47:12 2023 -0700 Replace RIGHT-TO-LEFT OVERRIDE unicode (#2828) Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> ``` ### Workarounds Workarounds are to remove the concerned file and rewrite it properly with the right file and extensions. Avoid using RTLO characters in your filenames.

Credit: security-advisories@github.com security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-latest
• collector/github-advisory-latest
• alias/GHSA-jv3f-7m33-qp65
• alias/CVE-2023-33955
• collector/github-advisory
• collector/nvd-index
• collector/nvd-cve
• agent/type
• agent/author
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/weakness
• agent/title
• agent/references
• agent/remedy
• agent/severity
• agent/description
• agent/event
• agent/tags
• agent/source
• package-manager/go
• vendor/minio
• canonical/minio console