CVE-2022-31836

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in go/github.com/beego/beego

Identifiers

GHSA-95f9-94vc-665h, CVE-2022-31836

Package Slug

go/github.com/beego/beego

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

The leafInfo.match() function in Beego v2.0.3 and below uses path.Join() to handle wildcard values, which can lead to a cross-directory (path traversal) risk.
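
The following Go sketch is an added illustration, not Beego's code and not part of the advisory. It shows why joining captured wildcard segments with path.Join() is risky (the function cleans the result and resolves ".." elements) and one defensive check a handler can apply. The names joinWildcards and safeJoin and the base directory /srv/static are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// joinWildcards reproduces the risky pattern in general form: captured
// wildcard segments are glued together with path.Join, which runs path.Clean
// and therefore resolves ".." elements instead of preserving or rejecting them.
func joinWildcards(segments []string) string {
	return path.Join(segments...)
}

// safeJoin (hypothetical helper) joins segments under base. It rejects any
// ".." element, including one hidden inside a segment such as "a/../../x",
// and then confirms the cleaned result is still inside base.
func safeJoin(base string, segments []string) (string, error) {
	for _, elem := range strings.Split(strings.Join(segments, "/"), "/") {
		if elem == ".." {
			return "", fmt.Errorf("dot-dot element in wildcard value %q", segments)
		}
	}
	base = path.Clean(base)
	full := path.Join(append([]string{base}, segments...)...)
	if full != base && !strings.HasPrefix(full, base+"/") {
		return "", fmt.Errorf("%q escapes %q", full, base)
	}
	return full, nil
}

func main() {
	// Constructed sample wildcard captures, not taken from a real request.
	samples := [][]string{
		{"docs", "guide.txt"},
		{"docs", "..", "..", "private", "key.pem"},
	}
	for _, segs := range samples {
		full, err := safeJoin("/srv/static", segs) // base dir is an assumption
		fmt.Printf("%q: naive=%q safe=%q err=%v\n", segs, joinWildcards(segs), full, err)
	}
}
```

A check like this is defence in depth for applications that cannot upgrade immediately; the fix named by the advisory is the upgrade to 2.0.4.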

Affected Versions

All versions before 2.0.4

Solution

Upgrade to version 2.0.4 or above.

Last Modified

2022-07-24
