Описание
Hertz contains path traversal via normalizePath function
Hertz is a a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1.
Пакеты
Наименование
github.com/cloudwego/hertz
go
Затронутые версииВерсия исправления
< 0.3.1
0.3.1
Связанные уязвимости
CVSS3: 7.5
nvd
больше 3 лет назад
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.