CVE-2022-21221

Опубликовано: 17 мар. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 5.9

Описание

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only.

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-apps/bionic	not-affected
esm-apps/focal	not-affected
esm-apps/jammy	not-affected
focal	not-affected
impish	not-affected
jammy	not-affected
trusty	ignored	end of standard support
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 68%

0.00568

Низкий

5 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2022-21221

CVSS3: 5.9

nvd

почти 4 года назад

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only.

GHSA-fx95-883v-4q4h

CVSS3: 7.5

github

почти 4 года назад

Path traversal in github.com/valyala/fasthttp

EPSS

Процентиль: 68%

0.00568

Низкий

5 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2022-21221

Описание

Пакет golang-github-valyala-fasthttp

Ссылки на источники

Связанные уязвимости