CVE-2022-31836: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to handle wildcard values, which can lead to a cross-directory (path traversal) risk.
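The following added example is not Beego's code. It is a simplified model of the pattern the advisory describes, showing how Go's `path.Join` resolves `..` elements in wildcard values and how a containment check rejects the result. The function names, the base directory and the sample segments are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// joinWildcard models the risky pattern: wildcard segments captured from a
// request path are merged with path.Join, which also applies path.Clean and
// therefore silently resolves ".." elements.
func joinWildcard(segments []string) string {
	return path.Join(segments...)
}

// safeUnder joins a wildcard value onto base and rejects any result that
// falls outside base once ".." elements have been resolved.
func safeUnder(base, wildcard string) (string, error) {
	base = path.Clean(base)
	full := path.Join(base, wildcard)
	// Compare against "base/" so that "/srv/static-old" does not pass
	// as a child of "/srv/static".
	prefix := strings.TrimSuffix(base, "/") + "/"
	if full != base && !strings.HasPrefix(full, prefix) {
		return "", errors.New("wildcard value escapes base directory")
	}
	return full, nil
}

func main() {
	// Constructed sample: segments matched by a wildcard on a hypothetical route.
	segs := []string{"docs", "..", "..", "conf", "app.conf"}
	joined := joinWildcard(segs)
	fmt.Println("joined wildcard:", joined)

	// Hypothetical base directory that the wildcard value is meant to stay under.
	for _, w := range []string{joined, "css/site.css", "a/../b.txt"} {
		p, err := safeUnder("/srv/static", w)
		fmt.Printf("%-20q -> %q, err=%v\n", w, p, err)
	}
}
```
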