GHSA-JCXC-RH6W-WF49 Link Following in Iris

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

Directory Traversal

github.com/kataras/iris is vulnerable to directory traversal. A malicious user is able to write to arbitrary locations using UploadFormFiles method in context file due to improper parsing of file paths...

Design/Logic Flaw

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVE-2021-23772 Arbitrary File Write

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...