module: github.com/goadesign/goa
additional_packages:
  - module: goa.design/goa
    symbols:
      - Controller.FileHandler
    versions:
      - fixed: v1.4.3
  - module: goa.design/goa/v3
    symbols:
      - Controller.FileHandler
    versions:
      - fixed: v3.0.9
versions:
  - fixed: v1.4.3
description: |
  Due to improper sanitization of user input, Controller.FileHandler is
  vulnerable to directory traversal: an attacker can read files outside of
  the target directory, provided the server has permission to read them.
credit: '@christi3k'
symbols:
  - Controller.FileHandler
links:
  pr: https://github.com/goadesign/goa/pull/2388
  commit: https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39
cve_metadata:
  id: CVE-9999-0012
  cwe: 'CWE-22: Improper Limitation of a Pathname to a Restricted Directory (''Path Traversal'')'
  description: |
    Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or
    v1.4.3 allows remote attackers to read files outside of the intended directory.