GO-2020-0033

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2020-0033

Import Source

https://vuln.go.dev/ID/GO-2020-0033.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2020-0033

Aliases

Published

2021-04-14T20:04:52Z

Modified

2024-05-20T16:03:47Z

Summary

Path Traversal in aahframe.work

Details

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

References

Credits

- @snyff

Affected packages

Go / aahframe.work

Package

Name: aahframe.work; View open source insights on deps.dev
Purl: pkg:golang/aahframe.work

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.4

Ecosystem specific

{
    "imports": [
        {
            "path": "aahframe.work",
            "symbols": [
                "Application.Run",
                "Application.ServeHTTP",
                "Application.Start",
                "HTTPEngine.Handle"
            ]
        }
    ]
}