Lucene search
PRIOn knowledge basePRION:CVE-2021-23772HistoryDec 24, 2021 - 12:15 p.m.
Design/Logic Flaw
2021-12-2412:15:00
PRIOn knowledge base
www.prio-n.com
3
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.
| CPE | Name | Operator | Version |
|---|---|---|---|
| iris | le | 12.1.8 | |
| iris | eq | 12.2.0 alpha | |
| iris | eq | 12.2.0 alpha2 | |
| iris | eq | 12.2.0 alpha3 | |
| iris | eq | 12.2.0 alpha4 | |
| iris | eq | 12.2.0 alpha5 |
Related
cve
cve
CVE-2021-23772
2021-12-24 12:15:07
osv
osv
Link Following in Iris
2022-01-06 21:36:19
CVE-2021-23772
2021-12-24 12:15:07
nvd
nvd
CVE-2021-23772
2021-12-24 12:15:07
veracode
veracode
Directory Traversal
2021-12-27 09:33:30
cvelist
cvelist
CVE-2021-23772 Arbitrary File Write
2021-12-24 00:00:00
github
github
Link Following in Iris
2022-01-06 21:36:19
redhatcve
redhatcve
CVE-2021-23772
2021-12-29 14:01:03