CVE-2020-36559
HIGH WAF: High
CVSS 7.5
Published: 2022-12-27
CWE-22
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| aahframework | aah | up to 0.12.4 |
References
- github.com (Patch, Third Party Advisory)
- github.com (Issue Tracking, Third Party Advisory)
- github.com (Third Party Advisory)
- pkg.go.dev (Third Party Advisory)