Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-fx95-883v-4q4h

Опубликовано: 18 мар. 2022
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

Path traversal in github.com/valyala/fasthttp

The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only.

Ссылки

Пакеты

Наименование

github.com/valyala/fasthttp

go
Затронутые версииВерсия исправления

< 1.34.0

1.34.0

EPSS

Процентиль: 68%
0.00568
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-21221

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2022-21221

CVSS3: 5.9
ubuntu
почти 4 года назад

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only.

nvd логотип

CVE-2022-21221

CVSS3: 5.9
nvd
почти 4 года назад

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only.

EPSS

Процентиль: 68%
0.00568
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-21221

Дефекты

CWE-22