Lucene search
China National Vulnerability DatabaseCNVD-2022-91651HistorySep 30, 2022 - 12:00 a.m.
Hertz path traversal vulnerability
2022-09-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
hertz
path traversal
golang
microservices
http
framework
vulnerability
web requests
resource
file path
attacker
arbitrary files
file system
0.001 Low
EPSS
Percentile
48.8%
Hertz is a Golang microservices HTTP framework open sourced by CloudWeGo. v0.3.0 of Hertz contains a path traversal vulnerability that stems from a failure of the normalizePath function to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to retrieve arbitrary files from the underlying file system via specially designed web requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cloudwego hertz v | eq | 0.3.0 |
Related
prion
prion
Path traversal
2022-09-28 14:15:00
osv
osv
CVE-2022-40082
2022-09-28 14:15:10
Hertz contains path traversal via normalizePath function
2022-09-29 00:00:26
Path traversal in github.com/cloudwego/hertz
2022-10-05 18:02:53
cvelist
cvelist
CVE-2022-40082
2022-09-28 13:34:02
cve
cve
CVE-2022-40082
2022-09-28 14:15:10
github
github
Hertz contains path traversal via normalizePath function
2022-09-29 00:00:26
nvd
nvd
CVE-2022-40082
2022-09-28 14:15:10
veracode
veracode
Path Traversal
2022-09-29 04:48:15