CVE-2020-36559

Path Traversal in aahframe.work

CVSS 7.5 HIGHEPSS 1.1%

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

aahframe.work · aahframe.work

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec https://github.com/go-aah/aah/issues/266 https://github.com/go-aah/aah/pull/267 https://pkg.go.dev/vuln/GO-2020-0033