Tag
The charm.land/wish/v2 and github.com/charmbracelet/wish libraries are vulnerable to path traversal attacks via the SCP protocol, allowing malicious clients to read or write arbitrary files, create directories outside the configured root, and enumerate files, potentially leading to remote code execution or data exfiltration.