CVE-2020-36559

Published December 27th, 2022

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

go-aah/aah

A secure, flexible, rapid Go web framework

GitHub

684