Path Traversal in Beego
Critical severity
GitHub Reviewed
Published
Jul 6, 2022
to the GitHub Advisory Database
•
Updated Feb 24, 2023
Description
Published by the National Vulnerability Database
Jul 5, 2022
Published to the GitHub Advisory Database
Jul 6, 2022
Reviewed
Jul 6, 2022
Last updated
Feb 24, 2023
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.
References