Description
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.
References
- Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: version up to 12.1.8 (inclusive); version up to 1.7.5 (exclusive)
All of
One of
cpe:2.3:a:iris-go:iris:*:*:*:*:*:go:*:*
cpe:2.3:a:iris-go:iris:12.2.0:alpha:*:*:*:go:*:*
cpe:2.3:a:iris-go:iris:12.2.0:alpha2:*:*:*:go:*:*
cpe:2.3:a:iris-go:iris:12.2.0:alpha3:*:*:*:go:*:*
cpe:2.3:a:iris-go:iris:12.2.0:alpha4:*:*:*:go:*:*
cpe:2.3:a:iris-go:iris:12.2.0:alpha5:*:*:*:go:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
EPSS
Percentile: 71%
0.00662
Low
CVSS3: 7.5 High
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-59
Related vulnerabilities
CVSS3: 8.8
redhat
about 4 years ago
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.