CVE-2026-34581
goshs · goshs
A vulnerability in goshs, a SimpleHTTPServer written in Go, could allow for unauthorized file access or remote exploitation.
Executive summary
The goshs HTTP server is affected by a high-severity vulnerability that could allow attackers to access sensitive files or compromise the host system.
Vulnerability
goshs is a SimpleHTTPServer implementation. The vulnerability, which carries a CVSS score of 8.1, likely involves a path traversal or an unauthenticated file disclosure flaw, allowing an attacker to read files outside of the web root directory.
Business impact
If goshs is used to serve files in a development or production environment, an attacker could exploit this flaw to steal source code, configuration files, or sensitive credentials. The high CVSS score reflects a serious threat to data confidentiality. System compromise is also possible if the attacker can read sensitive system files like /etc/passwd or SSH keys.
Remediation
Immediate Action: Stop using vulnerable versions of goshs and update to the latest patched version.
Proactive Monitoring: Monitor network traffic for unusual GET requests containing directory traversal patterns (e.g., "../") and review server access logs.
Compensating Controls: Run the HTTP server with the lowest possible OS privileges and use containerization to isolate the server from the host file system.
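The log review described under Proactive Monitoring can be scripted. The following is an added example, not code from the goshs project or from this advisory; it flags requests whose path contains a ".." segment, including percent-encoded and double-encoded forms that a plain search for "../" would miss. It assumes access-log lines that carry the request line in quotes (Common Log Format style); the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: each log line holds the request line in quotes, e.g.
# "GET /path HTTP/1.1". Adapt REQUEST_RE to the format your goshs
# deployment or reverse proxy actually writes.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by "/" or "\" (or by string start/end).
DOTDOT_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def is_traversal(target):
    """True if the request path (query string ignored) has a '..' segment."""
    path = fully_decode(target.split("?", 1)[0])
    return bool(DOTDOT_RE.search(path))

def suspicious_lines(lines):
    """Return (line_number, method, raw_target) for traversal-style requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group("target")):
            hits.append((n, m.group("method"), m.group("target")))
    return hits

# Constructed sample lines, not real traffic (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2026:10:00:05 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0',
    '192.0.2.11 - - [01/Jan/2026:10:00:06 +0000] "GET /files/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1402',
    '192.0.2.11 - - [01/Jan/2026:10:00:07 +0000] "GET /files/%252e%252e%252fsecret HTTP/1.1" 200 88',
    '192.0.2.12 - - [01/Jan/2026:10:00:09 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, method, target in suspicious_lines(SAMPLE_LOG):
        print(f"line {n}: {method} {target}")
```

A hit that was answered with a 200 status and a non-zero body size deserves a closer look than one answered with 404.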
Exploitation status
Public Exploit Available: false
Analyst recommendation
Apply the necessary updates immediately to secure the goshs server. If the server is not strictly required for business operations, consider disabling it or replacing it with a more robust, hardened web server implementation.