GHSA-vp56-r7qv-783v

Source

https://github.com/advisories/GHSA-vp56-r7qv-783v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vp56-r7qv-783v/GHSA-vp56-r7qv-783v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vp56-r7qv-783v

Aliases

Published

2022-12-28T00:30:23Z

Modified

2024-05-20T19:41:41Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

ahh vulnerable to Path Traversal

Details

Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

References

Affected packages

Go / github.com/go-aah/aah

Package

Name: github.com/go-aah/aah; View open source insights on deps.dev
Purl: pkg:golang/github.com/go-aah/aah

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.4

Go / aahframe.work

Package

Name: aahframe.work; View open source insights on deps.dev
Purl: pkg:golang/aahframe.work

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.4