Affected by GO-2022-0389 and 7 other vulnerabilities:
GO-2022-0389: Unchecked hostname resolution could allow access to local network resources by users outside the local network in github.com/pterodactyl/wings
GO-2022-0919: Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings in github.com/pterodactyl/wings
GO-2023-1542: Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
GO-2023-1555: Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system in github.com/pterodactyl/wings
GO-2023-1768: Wings vulnerable to escape to host from installation container in github.com/pterodactyl/wings
GO-2024-2642: Pterodactyl Wings vulnerable to improper isolation of server file access in github.com/pterodactyl/wings
GO-2024-2814: Pterodactyl Wings vulnerable to Arbitrary File Write/Read in github.com/pterodactyl/wings
GO-2024-2815: Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings
We've gone through a couple of iterations of where the configuration is stored. This
helpful little function will look through the three areas it might have ended up, and
return it.
We only run this if the configuration flag for the instance is not actually passed in
via the command line. Once found, the configuration is moved into the expected default
location. Only errors are returned from this function; if it returns without an error,
you can safely assume that the configuration can be found in the correct default location.
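A sketch of the relocation behaviour described above, as an added example and not the Wings implementation: the function name `relocateConfig`, its parameters and all paths are hypothetical. The refusal to move anything that is not a regular file and the owner-only permissions are assumptions added here, not behaviour the page documents.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// relocateConfig moves the first config found in legacy (hypothetical paths
// chosen by the caller) to dst. It returns only an error: on nil, the
// configuration is at dst.
func relocateConfig(dst string, legacy []string) error {
	if _, err := os.Lstat(dst); err == nil {
		return nil // already in the default location
	} else if !errors.Is(err, os.ErrNotExist) {
		return err
	}
	for _, src := range legacy {
		info, err := os.Lstat(src) // Lstat: do not follow a symlink at src
		if errors.Is(err, os.ErrNotExist) {
			continue
		} else if err != nil {
			return err
		}
		if !info.Mode().IsRegular() {
			return fmt.Errorf("refusing to relocate %s: not a regular file", src)
		}
		if err := os.MkdirAll(filepath.Dir(dst), 0o700); err != nil {
			return err
		}
		// Rename is atomic but fails across filesystems; that error is returned.
		if err := os.Rename(src, dst); err != nil {
			return err
		}
		// Assumption: the file may hold secrets, so keep it owner-only.
		return os.Chmod(dst, 0o600)
	}
	return os.ErrNotExist // nothing found anywhere; caller decides what to do
}

func main() {
	dir, _ := os.MkdirTemp("", "relocate-demo") // constructed sample layout
	defer os.RemoveAll(dir)
	old := filepath.Join(dir, "old", "config.yml")
	os.MkdirAll(filepath.Dir(old), 0o755)
	os.WriteFile(old, []byte("debug: false\n"), 0o644)
	dst := filepath.Join(dir, "etc", "config.yml")
	fmt.Println(relocateConfig(dst, []string{filepath.Join(dir, "older", "config.yml"), old}))
}
```

Returning `os.ErrNotExist` when no candidate exists keeps the documented guarantee intact: a nil return always means the file is at the default location.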