CVE-2019-25073

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-25073
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25073.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25073
Aliases
Published
2022-12-27T22:15:11.397Z
Modified
2026-03-10T22:43:17.838625Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.

References

Affected packages

Git / github.com/goadesign/goa

Affected ranges

Type
GIT
Repo
https://github.com/goadesign/goa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1951ab4f8e8cb229fb3187fa3e02ea4326e38a7a
Introduced
de50fdd7a56f4d7fbd13794667ace84af43c75b0
Fixed
e4f6165a749b4de9bff19d6558cd1cf35cf993a2
Introduced
922f55e91729e31573b9011401cc454025947172
Fixed
a637706c9bb63ac4c8866c8c510ded40cb5c7ed6
Fixed
70b5a199d0f813d74423993832c424e1fc73fb39
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.3"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.10"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.9"
        }
    ]
}

Affected versions

v2.*
v2.0.0
v2.0.3
v2.0.4
v2.0.5
v2.0.7
v2.0.8
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25073.json"