Hertz is a Golang microservices HTTP framework open sourced by CloudWeGo. v0.3.0 of Hertz contains a path traversal vulnerability that stems from a failure of the normalizePath function to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to retrieve arbitrary files from the underlying file system via specially designed web requests.
CPE | Name | Operator | Version |
---|---|---|---|
cloudwego hertz v | eq | 0.3.0 |