Headline
GHSA-c9qr-f6c8-rgxf: Hertz contains path traversal via normalizePath function
Hertz is a a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1.
Hertz contains path traversal via normalizePath function
High severity GitHub Reviewed Published Sep 29, 2022 • Updated Sep 30, 2022
Related news
CVE-2022-40082: fix: fix path-traversal bug by ruokeqx · Pull Request #229 · cloudwego/hertz
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.