Main Vulnerability Database SB2022070545

SB2022070545 - Path traversal in Beego

Published: July 5, 2022 Updated: November 6, 2024

Security Bulletin ID SB2022070545

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2022-31836)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to leafInfo.match() function in Beego uses path.join() to deal with wildcardvalues which can lead to cross directory risk. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

References

https://github.com/beego/beego/issues/4961
https://github.com/advisories/GHSA-95f9-94vc-665h