Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
References
Link | Resource |
---|---|
https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec | Patch Third Party Advisory |
https://github.com/go-aah/aah/issues/266 | Issue Tracking Third Party Advisory |
https://github.com/go-aah/aah/pull/267 | Third Party Advisory |
https://pkg.go.dev/vuln/GO-2020-0033 | Third Party Advisory |
https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec | Patch Third Party Advisory |
https://github.com/go-aah/aah/issues/266 | Issue Tracking Third Party Advisory |
https://github.com/go-aah/aah/pull/267 | Third Party Advisory |
https://pkg.go.dev/vuln/GO-2020-0033 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec - Patch, Third Party Advisory | |
References | () https://github.com/go-aah/aah/issues/266 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/go-aah/aah/pull/267 - Third Party Advisory | |
References | () https://pkg.go.dev/vuln/GO-2020-0033 - Third Party Advisory |
08 Jun 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-27 22:15
Updated : 2024-11-21 05:29
NVD link : CVE-2020-36559
Mitre link : CVE-2020-36559
CVE.ORG link : CVE-2020-36559
JSON object : View
Products Affected
aahframework
- aah
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')