0.001 Low
EPSS
Percentile
48.8%
github.com/cloudwego/hertz is vulnerable to path traversal. The vulnerability exists in normalizePath function of uri.go because the backslash restrictions are not properly implemented which allows an attacker to read any file in windows server.
normalizePath
uri.go
github.com/advisories/GHSA-c9qr-f6c8-rgxf
github.com/cloudwego/hertz/commit/dcb0b5a1861a1e2e4629a8607a3ca9c89009ac55
github.com/cloudwego/hertz/issues/228
github.com/cloudwego/hertz/pull/229