Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
References
Link | Resource |
---|---|
https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec | Patch Third Party Advisory |
https://github.com/go-aah/aah/issues/266 | Issue Tracking Third Party Advisory |
https://github.com/go-aah/aah/pull/267 | Third Party Advisory |
https://pkg.go.dev/vuln/GO-2020-0033 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Go
Published: 2022-12-27T21:13:19.169Z
Updated: 2023-06-12T19:03:48.520Z
Reserved: 2022-07-29T16:03:51.232Z
Link: CVE-2020-36559
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-27T22:15:11.500
Modified: 2023-06-08T21:15:15.410
Link: CVE-2020-36559
JSON object: View
Redhat Information
No data.
CWE