GO-2020-0032

See a problem?
Please try reporting it to the source first.
Source
https://pkg.go.dev/vuln/GO-2020-0032
Import Source
https://vuln.go.dev/ID/GO-2020-0032.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2020-0032
Aliases
Published
2021-04-14T20:04:52Z
Modified
2024-05-20T16:03:47Z
Summary
Path traversal in github.com/goadesign/goa
Details

Due to improper sanitization of user input, Controller.FileHandler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Database specific 
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2020-0032"
}
References
Credits
    • @christi3k

Affected packages

Go / github.com/goadesign/goa

Package

Name
github.com/goadesign/goa
View open source insights on deps.dev
Purl
pkg:golang/github.com/goadesign/goa

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3

Ecosystem specific 

{
    "imports": [
        {
            "path": "github.com/goadesign/goa",
            "symbols": [
                "Controller.FileHandler",
                "Service.ListenAndServe",
                "Service.ListenAndServeTLS",
                "Service.Serve",
                "mux.ServeHTTP"
            ]
        }
    ]
}

Go / goa.design/goa

Package

Name
goa.design/goa
View open source insights on deps.dev
Purl
pkg:golang/goa.design/goa

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3

Ecosystem specific 

{
    "imports": [
        {
            "path": "goa.design/goa",
            "symbols": [
                "Controller.FileHandler"
            ]
        }
    ]
}

Go / goa.design/goa/v3

Package

Name
goa.design/goa/v3
View open source insights on deps.dev
Purl
pkg:golang/goa.design/goa/v3

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.9

Ecosystem specific 

{
    "imports": [
        {
            "path": "goa.design/goa/v3",
            "symbols": [
                "Controller.FileHandler"
            ]
        }
    ]
}