Describe the bug
Hertz path-traversal bug on Windows Server.
Hackers can read any file on a Windows server since there are no backslash restrictions.
Since the backslash doesn't work in the Linux filesystem, the bug works in a very limited production environment.
Screenshots
Hertz version:
v0.3.0
Environment:
Any Windows server, any Go version, and any Hertz version
Fix suggestion
Replace all backslashes with forward slashes at the beginning of the normalizePath function.
ruokeqx
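An added illustration of the fix suggestion in this issue, not code from the Hertz project or from the issue author. The function names are hypothetical, the request paths are constructed, and Go's `path.Clean` stands in for any normalizer that treats only `/` as a separator.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// cleanSlashOnly is a hypothetical stand-in for a normalizer that only
// understands "/" as a separator (it is not Hertz's normalizePath).
func cleanSlashOnly(p string) string {
	return path.Clean("/" + p)
}

// cleanWithBackslashFix applies the issue's suggestion: convert every
// backslash to a forward slash before any other normalization runs.
func cleanWithBackslashFix(p string) string {
	return path.Clean("/" + strings.ReplaceAll(p, `\`, "/"))
}

// escapesRootOnWindows models Windows path resolution, where both "/" and
// "\" separate segments, and reports whether ".." climbs above the root.
func escapesRootOnWindows(p string) bool {
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	depth := 0
	for _, seg := range strings.FieldsFunc(p, isSep) {
		switch seg {
		case ".":
		case "..":
			if depth--; depth < 0 {
				return true
			}
		default:
			depth++
		}
	}
	return false
}

func main() {
	// Constructed request paths, for illustration only.
	for _, p := range []string{`/static/app.js`, `/static/../index.html`, `/static\..\..\conf\app.ini`} {
		a, b := cleanSlashOnly(p), cleanWithBackslashFix(p)
		fmt.Printf("%-28q slash-only=%q escapes=%v | fixed=%q escapes=%v\n",
			p, a, escapesRootOnWindows(a), b, escapesRootOnWindows(b))
	}
}
```

The slash-only cleaner passes the backslash form through as a single segment, which Windows then splits and resolves above the served directory; after the replacement the same input collapses to a path inside the root.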