CVE-2021-23772

Improper Link Resolution Before File Access ('Link Following') in go/github.com/kataras/iris

Identifiers

CVE-2021-23772

Package Slug

go/github.com/kataras/iris

Vulnerability

Improper Link Resolution Before File Access ('Link Following')

Description

This affects all versions of package github.com/kataras/iris and all versions of package github.com/kataras/iris/v12. Unsafe handling of file names during upload with the UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.
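With no fixed release listed, an application has to sanitise the client-supplied file name itself before writing an upload. The following Go sketch is an added example, not code from Iris or from this advisory; `unsafeTarget`, `safeTarget`, the `uploads` directory and the sample names are hypothetical and constructed for illustration. It contrasts joining the name as received with a version that keeps only the final path element and verifies containment.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// unsafeTarget joins the client-supplied multipart file name as-is.
func unsafeTarget(destDir, clientName string) string {
	return filepath.Join(destDir, clientName)
}

// safeTarget (hypothetical helper) keeps only the last path element of the
// client-supplied name and confirms the result stays under destDir.
func safeTarget(destDir, clientName string) (string, error) {
	// Treat backslashes as separators so Windows-style names are handled on any OS.
	name := filepath.Base(strings.ReplaceAll(clientName, "\\", "/"))
	if name == "." || name == ".." || name == string(filepath.Separator) {
		return "", errors.New("invalid upload file name")
	}
	root, err := filepath.Abs(destDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(root, name)
	// Defence in depth: the joined path must still be relative to root.
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("upload path escapes destination directory")
	}
	return target, nil
}

func main() {
	// Constructed sample names, as they could arrive in a multipart form.
	for _, n := range []string{"report.pdf", "../../etc/cron.d/job", "..\\..\\evil.txt", ".."} {
		p, err := safeTarget("uploads", n)
		fmt.Printf("%-24q unsafe=%-28q safe=%q err=%v\n", n, unsafeTarget("uploads", n), p, err)
	}
}
```

The check is purely lexical: it does not resolve symbolic links that already exist inside the destination directory.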

Affected Versions

All versions up to 12.1.8, version 12.2.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-01-07
