Goa vulnerable to path traversal

2022-12-2800:30:23

CWE-22

GitHub Advisory Database

github.com

path traversal

goa software

remote attackers

file access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

74.8%

JSON

Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory

Affected configurations

Vulners

Node

goav3Range<3.0.9

goa.designgoaRange<1.4.3go

goadesigngoaRange<1.4.3

VendorProductVersionCPE
goav3*cpe:2.3:a:goa:v3:*:*:*:*:*:*:*:*
goa.designgoa*cpe:2.3:a:goa.design:goa:*:*:*:*:*:go:*:*
goadesigngoa*cpe:2.3:a:goadesign:goa:*:*:*:*:*:*:*:*