GO-2022-1027
- Source
- https://pkg.go.dev/vuln/GO-2022-1027
- Import Source
- https://vuln.go.dev/ID/GO-2022-1027.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2022-1027
- Aliases
- Published
- 2022-10-05T18:02:53Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Path traversal in github.com/cloudwego/hertz
- Details
-
Improper path sanitization on Windows permits path traversal attacks. Static file serving with the Static or StaticFS functions allows an attacker to access files from outside the filesystem root.
This vulnerability does not affect non-Windows systems.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2022-1027", "review_status": "REVIEWED" }- References
Affected packages
Go / github.com/cloudwego/hertz
Package
- Name
- github.com/cloudwego/hertz
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cloudwego/hertz
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.3.1
Ecosystem specific
{
"imports": [
{
"path": "github.com/cloudwego/hertz/pkg/protocol",
"symbols": [
"Cookie.SetPath",
"Cookie.SetPathBytes",
"NewRequest",
"ParseURI",
"Request.Host",
"Request.ParseURI",
"Request.Path",
"Request.QueryString",
"Request.SetHost",
"Request.SetQueryString",
"Request.URI",
"URI.Parse",
"URI.SetPath",
"URI.SetPathBytes",
"URI.Update",
"URI.UpdateBytes",
"normalizePath"
],
"goos": [
"windows"
]
}
]
}