reports/GO-2020-0033.yaml - vulndb - Git at Google

 module: aahframe.work
 versions:
   - fixed: v0.12.4
 description: |
   Due to improper santization of user input, HTTPEngine.Handle allows
   for directory traversal, allowing an attacker to read files outside of
   the target directory that the server has permission to read.
 credit: "@snyff"
 symbols:
   - HTTPEngine.Handle
 links:
   pr: https://github.com/go-aah/aah/pull/267
   commit: https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec
   context:
     - https://github.com/go-aah/aah/issues/266
	module: aahframe.work
	versions:
	- fixed: v0.12.4
	description: \|
	Due to improper santization of user input, HTTPEngine.Handle allows
	for directory traversal, allowing an attacker to read files outside of
	the target directory that the server has permission to read.
	credit: "@snyff"
	symbols:
	- HTTPEngine.Handle
	links:
	pr: https://github.com/go-aah/aah/pull/267
	commit: https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec
	context:
	- https://github.com/go-aah/aah/issues/266