Vulnerability Report: GO-2022-1027
- CVE-2022-40082, GHSA-c9qr-f6c8-rgxf
- Affects: github.com/cloudwego/hertz
- Published: Oct 05, 2022
- Modified: Jun 12, 2023
Improper path sanitization on Windows permits path traversal attacks. Static file serving with the Static or StaticFS functions allows an attacker to access files from outside the filesystem root. This vulnerability does not affect non-Windows systems.
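An added illustration of the bug class described above, not code from hertz or from this report: a sanitizer that resolves only "/" separators leaves "\"-separated ".." segments intact, and Windows then treats them as parent-directory steps. The function names and sample paths are constructed for the example. That the flaw takes this backslash form is an assumption, and the hardened check is one possible mitigation, not necessarily the fix shipped in v0.3.1.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrUnsafePath is returned for request paths that must not reach the filesystem.
var ErrUnsafePath = errors.New("unsafe request path")

// naiveClean models a sanitizer that only understands "/" as a separator
// (hypothetical helper, not the library's function).
func naiveClean(reqPath string) string {
	return path.Clean("/" + reqPath)
}

// escapesOnWindows reports whether p still holds a ".." segment once both
// "/" and "\" count as separators, which is how Windows resolves the path.
func escapesOnWindows(p string) bool {
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	for _, seg := range strings.FieldsFunc(p, isSep) {
		if seg == ".." {
			return true
		}
	}
	return false
}

// safeRelPath rejects backslashes, drive or stream colons and NUL bytes, then
// cleans the path as rooted so ".." cannot climb above the serving root.
func safeRelPath(reqPath string) (string, error) {
	if strings.ContainsAny(reqPath, "\\:\x00") {
		return "", ErrUnsafePath
	}
	return strings.TrimPrefix(path.Clean("/"+reqPath), "/"), nil
}

func main() {
	// Constructed sample request paths.
	for _, p := range []string{"css/../index.html", "../../etc/passwd", `..\..\secret.txt`} {
		c := naiveClean(p)
		rel, err := safeRelPath(p)
		fmt.Printf("%-20q naive=%-22q escapes=%-5v safe=%q err=%v\n", p, c, escapesOnWindows(c), rel, err)
	}
}
```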
Affected Packages
- Versions: before v0.3.1
References
- https://github.com/cloudwego/hertz/issues/228
- https://github.com/cloudwego/hertz/pull/229
- https://vuln.go.dev/ID/GO-2022-1027.json