CVE-2020-36559

Path Traversal in aahframe.work

CVSS 7.5 HIGHEPSS 1.1%

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

aahframe.work · aahframe.work

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec https://github.com/go-aah/aah/issues/266 https://github.com/go-aah/aah/pull/267 https://pkg.go.dev/vuln/GO-2020-0033