This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.
CPE | Name | Operator | Version |
---|---|---|---|
iris | le | 12.1.8 | |
iris | eq | 12.2.0 alpha | |
iris | eq | 12.2.0 alpha2 | |
iris | eq | 12.2.0 alpha3 | |
iris | eq | 12.2.0 alpha4 | |
iris | eq | 12.2.0 alpha5 |