The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-95f9-94vc-665h | |
https://github.com/beego/beego/issues/4961 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-07-05T00:00:00
Updated: 2023-02-24T00:00:00
Reserved: 2022-05-31T00:00:00
Link: CVE-2022-31836
JSON object: View
NVD Information
Status : Modified
Published: 2022-07-05T15:15:08.750
Modified: 2023-02-24T20:15:16.210
Link: CVE-2022-31836
JSON object: View
Redhat Information
No data.
CWE