Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-c9qr-f6c8-rgxf: Hertz contains path traversal via normalizePath function

Hertz is a a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1.

ghsa
#vulnerability#git

Hertz contains path traversal via normalizePath function

High severity GitHub Reviewed Published Sep 29, 2022 • Updated Sep 30, 2022

Related news

CVE-2022-40082: fix: fix path-traversal bug by ruokeqx · Pull Request #229 · cloudwego/hertz

Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.