CVE-2020-36559 – github.com/go-aah/aah

Package

Manager: go
Name: github.com/go-aah/aah
Vulnerable Version: >=0 <0.12.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00419 pctl0.61069

Details

ahh vulnerable to Path Traversal Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Metadata

Created: 2022-12-28T00:30:23Z
Modified: 2024-05-20T19:41:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vp56-r7qv-783v/GHSA-vp56-r7qv-783v.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-vp56-r7qv-783v
Finding: F063
Auto approve: 1