CVE-2021-23772

Improper Link Resolution Before File Access ('Link Following') in go/github.com/kataras/iris/v12

Identifiers

GHSA-jcxc-rh6w-wf49, CVE-2021-23772

Package Slug

go/github.com/kataras/iris/v12

Vulnerability

Improper Link Resolution Before File Access ('Link Following')

Description

This affects all versions of package github.com/kataras/iris and all versions of package github.com/kataras/iris/v12. Unsafe handling of file names during upload with the UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.
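
The kind of file-name check whose absence the description refers to, as an added example (not code from iris or from this advisory): a hypothetical helper `safeUploadPath` reduces the client-supplied name to its final path element and confirms the destination stays inside the target folder. The directory `/srv/uploads` and the sample names are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// ErrUnsafeName reports a client-supplied name that cannot be stored safely.
var ErrUnsafeName = errors.New("unsafe upload file name")

// safeUploadPath is a hypothetical helper (not part of iris). It maps the
// file name sent in a multipart form to a destination inside destDir.
func safeUploadPath(destDir, clientName string) (string, error) {
	if strings.ContainsRune(clientName, 0) {
		return "", ErrUnsafeName
	}
	// Treat "\" as a separator too, so Windows-style names are handled on any OS.
	name := path.Base(strings.ReplaceAll(clientName, `\`, "/"))
	// path.Base yields ".", ".." or "/" for names with no usable final element.
	if name == "." || name == ".." || name == "/" {
		return "", ErrUnsafeName
	}
	dst := filepath.Join(destDir, name)
	// Defence in depth: confirm the joined path is still inside destDir.
	rel, err := filepath.Rel(destDir, dst)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeName
	}
	return dst, nil
}

func main() {
	// Constructed sample names, as a client could send them in a form upload.
	for _, n := range []string{"report.pdf", "../../etc/cron.d/job", `..\..\boot.ini`, ".."} {
		dst, err := safeUploadPath("/srv/uploads", n)
		fmt.Printf("%q -> %q (err: %v)\n", n, dst, err)
	}
}
```

The helper only constrains the file name; it does not examine symbolic links that may already exist inside the target folder.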

Affected Versions

All versions up to 12.2.0-alpha5

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-01-11
