GHSA-c9qr-f6c8-rgxf

Source

https://github.com/advisories/GHSA-c9qr-f6c8-rgxf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c9qr-f6c8-rgxf/GHSA-c9qr-f6c8-rgxf.json

Aliases

CVE-2022-40082
GO-2022-1027

Published

2022-09-29T00:00:26Z

Modified

2023-11-08T04:10:22.365620Z

Details

Hertz is a a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40082
https://github.com/cloudwego/hertz/issues/228
https://github.com/cloudwego/hertz/pull/229
https://github.com/cloudwego/hertz
https://pkg.go.dev/vuln/GO-2022-1027

Affected packages

Go / github.com/cloudwego/hertz

Package

Name: github.com/cloudwego/hertz

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.3.1