Vulnerability Report: GO-2020-0032

CVE-2019-25073, GHSA-fjgq-224f-fq37
Affects: github.com/goadesign/goa, goa.design/goa, and 1 more
Published: Apr 14, 2021
Modified: May 20, 2024

Due to improper sanitization of user input, Controller.FileHandler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Affected Packages

Path

Go Versions

Symbols
github.com/goadesign/goa

before v1.4.3
goa.design/goa

before v1.4.3
- Controller.FileHandler
goa.design/goa/v3

before v3.0.9
- Controller.FileHandler

Aliases

CVE-2019-25073
GHSA-fjgq-224f-fq37

References

https://github.com/goadesign/goa/pull/2388
https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39
https://vuln.go.dev/ID/GO-2020-0032.json

Credits

@christi3k

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL