CVE-2020-36559

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Ссылки

https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec
Patch
Third Party Advisory
https://github.com/go-aah/aah/issues/266
Issue Tracking
Third Party Advisory
https://github.com/go-aah/aah/pull/267
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0033
Third Party Advisory
https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec
Patch
Third Party Advisory
https://github.com/go-aah/aah/issues/266
Issue Tracking
Third Party Advisory
https://github.com/go-aah/aah/pull/267
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0033
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aahframework:aah:*:*:*:*:*:go:*:*

Версия до 0.12.4 (исключая)

EPSS

Процентиль: 83%

0.0201

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-vp56-r7qv-783v