go
/
vulndb
зеркало из https://github.com/golang/vulndb.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
vulndb/data/osv/GO-2022-0355.json

281 строка
9.2 KiB
JSON
Исходник Ответственный История

{
"schema_version": "1.3.1",
"id": "GO-2022-0355",
"modified": "0001-01-01T00:00:00Z",
"published": "2022-07-27T20:26:59Z",
"aliases": [
"CVE-2022-21221",
"GHSA-fx95-883v-4q4h"
],
"details": "The fasthttp.FS request handler is vulnerable to directory traversal attacks on Windows systems, and can serve files from outside the provided root directory.\n\nURL path normalization does not handle Windows path separators (backslashes), permitting an attacker to construct requests with relative paths.",
"affected": [
{
"package": {
"name": "github.com/valyala/fasthttp",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.34.0"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/valyala/fasthttp",
"symbols": [
"AppendBrotliBytes",
"AppendBrotliBytesLevel",
"AppendDeflateBytes",
"AppendDeflateBytesLevel",
"AppendGunzipBytes",
"AppendGzipBytes",
"AppendGzipBytesLevel",
"AppendHTTPDate",
"AppendInflateBytes",
"AppendUnbrotliBytes",
"Args.WriteTo",
"Client.CloseIdleConnections",
"Client.Do",
"Client.DoDeadline",
"Client.DoRedirects",
"Client.DoTimeout",
"Client.Get",
"Client.GetDeadline",
"Client.GetTimeout",
"Client.Post",
"Cookie.AppendBytes",
"Cookie.Cookie",
"Cookie.Parse",
"Cookie.ParseBytes",
"Cookie.String",
"Cookie.WriteTo",
"Dial",
"DialDualStack",
"DialDualStackTimeout",
"DialTimeout",
"Do",
"DoDeadline",
"DoRedirects",
"DoTimeout",
"FS.NewRequestHandler",
"FSHandler",
"FileLastModified",
"GenerateTestCertificate",
"Get",
"GetDeadline",
"GetTimeout",
"HostClient.CloseIdleConnections",
"HostClient.Do",
"HostClient.DoDeadline",
"HostClient.DoRedirects",
"HostClient.DoTimeout",
"HostClient.Get",
"HostClient.GetDeadline",
"HostClient.GetTimeout",
"HostClient.Post",
"LBClient.Do",
"LBClient.DoDeadline",
"LBClient.DoTimeout",
"ListenAndServe",
"ListenAndServeTLS",
"ListenAndServeTLSEmbed",
"ListenAndServeUNIX",
"NewStreamReader",
"ParseByteRange",
"ParseHTTPDate",
"ParseIPv4",
"PipelineClient.Do",
"PipelineClient.DoDeadline",
"PipelineClient.DoTimeout",
"PipelineClient.PendingRequests",
"Post",
"Request.Body",
"Request.BodyGunzip",
"Request.BodyInflate",
"Request.BodyUnbrotli",
"Request.BodyWriteTo",
"Request.ContinueReadBody",
"Request.ContinueReadBodyStream",
"Request.Host",
"Request.MultipartForm",
"Request.PostArgs",
"Request.Read",
"Request.ReadBody",
"Request.ReadLimitBody",
"Request.SetBodyStreamWriter",
"Request.SetHost",
"Request.SetHostBytes",
"Request.String",
"Request.SwapBody",
"Request.URI",
"Request.Write",
"Request.WriteTo",
"RequestCtx.FormFile",
"RequestCtx.FormValue",
"RequestCtx.Host",
"RequestCtx.IfModifiedSince",
"RequestCtx.MultipartForm",
"RequestCtx.Path",
"RequestCtx.PostArgs",
"RequestCtx.PostBody",
"RequestCtx.QueryArgs",
"RequestCtx.Redirect",
"RequestCtx.RedirectBytes",
"RequestCtx.SendFile",
"RequestCtx.SendFileBytes",
"RequestCtx.SetBodyStreamWriter",
"RequestCtx.String",
"RequestCtx.URI",
"RequestHeader.Add",
"RequestHeader.AddBytesK",
"RequestHeader.AddBytesKV",
"RequestHeader.AddBytesV",
"RequestHeader.Read",
"RequestHeader.ReadTrailer",
"RequestHeader.Set",
"RequestHeader.SetByteRange",
"RequestHeader.SetBytesK",
"RequestHeader.SetBytesKV",
"RequestHeader.SetBytesV",
"RequestHeader.SetCanonical",
"RequestHeader.SetReferer",
"RequestHeader.SetRefererBytes",
"RequestHeader.Write",
"Response.Body",
"Response.BodyGunzip",
"Response.BodyInflate",
"Response.BodyUnbrotli",
"Response.BodyWriteTo",
"Response.Read",
"Response.ReadBody",
"Response.ReadLimitBody",
"Response.SendFile",
"Response.SetBodyStreamWriter",
"Response.String",
"Response.SwapBody",
"Response.Write",
"Response.WriteDeflate",
"Response.WriteDeflateLevel",
"Response.WriteGzip",
"Response.WriteGzipLevel",
"Response.WriteTo",
"ResponseHeader.Add",
"ResponseHeader.AddBytesK",
"ResponseHeader.AddBytesKV",
"ResponseHeader.AddBytesV",
"ResponseHeader.AppendBytes",
"ResponseHeader.Cookie",
"ResponseHeader.DelClientCookie",
"ResponseHeader.DelClientCookieBytes",
"ResponseHeader.Header",
"ResponseHeader.Read",
"ResponseHeader.ReadTrailer",
"ResponseHeader.Set",
"ResponseHeader.SetBytesK",
"ResponseHeader.SetBytesKV",
"ResponseHeader.SetBytesV",
"ResponseHeader.SetCanonical",
"ResponseHeader.SetContentRange",
"ResponseHeader.SetCookie",
"ResponseHeader.SetLastModified",
"ResponseHeader.String",
"ResponseHeader.Write",
"ResponseHeader.WriteTo",
"SaveMultipartFile",
"Serve",
"ServeConn",
"ServeFile",
"ServeFileBytes",
"ServeFileBytesUncompressed",
"ServeFileUncompressed",
"ServeTLS",
"ServeTLSEmbed",
"Server.AppendCert",
"Server.AppendCertEmbed",
"Server.ListenAndServe",
"Server.ListenAndServeTLS",
"Server.ListenAndServeTLSEmbed",
"Server.ListenAndServeUNIX",
"Server.Serve",
"Server.ServeConn",
"Server.ServeTLS",
"Server.ServeTLSEmbed",
"Server.Shutdown",
"TCPDialer.Dial",
"TCPDialer.DialDualStack",
"TCPDialer.DialDualStackTimeout",
"TCPDialer.DialTimeout",
"URI.Parse",
"URI.Update",
"URI.UpdateBytes",
"URI.WriteTo",
"WriteBrotli",
"WriteBrotliLevel",
"WriteDeflate",
"WriteDeflateLevel",
"WriteGunzip",
"WriteGzip",
"WriteGzipLevel",
"WriteInflate",
"WriteMultipartForm",
"WriteUnbrotli",
"bigFileReader.Read",
"bigFileReader.WriteTo",
"ctxLogger.Printf",
"firstByteReader.Read",
"flushWriter.Write",
"fsFile.NewReader",
"fsSmallFileReader.WriteTo",
"hijackConn.Close",
"hijackConn.Read",
"perIPConn.Close",
"perIPConnCounter.Unregister",
"pipelineConnClient.Do",
"pipelineConnClient.DoDeadline",
"pipelineConnClient.PendingRequests",
"requestStream.Read",
"statsWriter.Write",
"tcpKeepaliveListener.Accept",
"workerPool.Serve"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/valyala/fasthttp/commit/6b5bc7bb304975147b4af68df54ac214ed2554c1"
},
{
"type": "WEB",
"url": "https://github.com/valyala/fasthttp/issues/1226"
},
{
"type": "WEB",
"url": "https://github.com/valyala/fasthttp/releases/tag/v1.34.0"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMVALYALAFASTHTTP-2407866"
}
],
"credits": [
{
"name": "egovorukhin"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0355"
}
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку