Security
Headlines

Headlines Latest CVEs

Headline

GHSA-c9qr-f6c8-rgxf: Hertz contains path traversal via normalizePath function

Hertz is a a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1.

2 years ago

#vulnerability #git

Hertz contains path traversal via normalizePath function

High severity GitHub Reviewed Published Sep 29, 2022 • Updated Sep 30, 2022

Related news

CVE-2022-40082: fix: fix path-traversal bug by ruokeqx · Pull Request #229 · cloudwego/hertz

Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.

2 years ago

#vulnerability #windows #linux #git #intel #amd #auth

ghsa: Latest News

GHSA-6hwr-6v2f-3m88: XXE in PHPSpreadsheet's XLSX reader

34 minutes ago

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

35 minutes ago

GHSA-w9xv-qf98-ccq4: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled

35 minutes ago

GHSA-5gpr-w2p5-6m37: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file

35 minutes ago

GHSA-pf56-h9qf-rxq4: Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page

1 hour ago