Go to main page
Versions in this module
v0
Sep 3, 2020 GO-2022-0272
GO-2022-0272: The Context.UploadFormFiles function is vulnerable to directory traversal attacks, and can be made to write to arbitrary locations outside the destination directory.
This vulnerability only occurs when built with Go versions prior to 1.17. Go 1.17 and later strip directory paths from filenames returned by "mime/multipart".Part.FileName, which avoids this issue.
Aug 12, 2020 GO-2022-0272
GO-2022-0272: The Context.UploadFormFiles function is vulnerable to directory traversal attacks, and can be made to write to arbitrary locations outside the destination directory.
This vulnerability only occurs when built with Go versions prior to 1.17. Go 1.17 and later strip directory paths from filenames returned by "mime/multipart".Part.FileName, which avoids this issue.
Incompatible versions in this module
Jan 16, 2019
GO-2022-0272
Nov 18, 2018
GO-2022-0272
Jul 25, 2018
GO-2022-0272
Jun 26, 2018
GO-2022-0272
May 21, 2018
GO-2022-0272
May 8, 2018
GO-2022-0272
May 2, 2018
GO-2022-0272
Apr 22, 2018
GO-2022-0272
Mar 24, 2018
GO-2022-0272
Mar 16, 2018
GO-2022-0272
Mar 10, 2018
GO-2022-0272
Feb 15, 2018
GO-2022-0272
Feb 6, 2018
GO-2022-0272
Jan 9, 2018
GO-2022-0272
Dec 22, 2017
GO-2022-0272
Nov 7, 2017
GO-2022-0272
Oct 26, 2017
GO-2022-0272
Oct 12, 2017
GO-2022-0272
Oct 9, 2017
GO-2022-0272
Oct 6, 2017
GO-2022-0272
Oct 1, 2017
GO-2022-0272
Sep 27, 2017
GO-2022-0272
Sep 17, 2017
GO-2022-0272
Aug 29, 2017
GO-2022-0272
Aug 23, 2017
GO-2022-0272
Aug 8, 2017
GO-2022-0272