CVE-2020-36559

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36559

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36559.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36559

Aliases

Published

2022-12-27T22:15:11Z

Modified

2024-05-14T08:10:13.211233Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

References

Affected packages

Git / github.com/go-aah/aah

Affected ranges

Type: GIT
Repo: https://github.com/go-aah/aah
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec

Affected versions

v0.*

v0.1

v0.10

v0.10.1

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.11.4

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.2

v0.3

v0.4

v0.4.1

v0.5

v0.5.1

v0.6

v0.7

v0.8

v0.9