High severity7.5NVD Advisory· Published Dec 27, 2022· Updated Jun 17, 2026
CVE-2019-25073
CVE-2019-25073
Description
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/goadesign/goaGo | < 1.4.3 | 1.4.3 |
goa.design/goaGo | < 1.4.3 | 1.4.3 |
goa.design/goa/v3Go | < 3.0.9 | 3.0.9 |
Affected products
6- ghsa-coords3 versions
< 1.4.3+ 2 more
- (no CPE)range: < 1.4.3
- (no CPE)range: < 1.4.3
- (no CPE)range: < 3.0.9
- github.com/goadesign/goa/github.com/goadesign/goav5Range: 0
- goa.design/goa/goa.design/goav5Range: 0
- goa.design/goa/v3/goa.design/goa/v3v5Range: 0
Patches
Vulnerability mechanics
References
5- github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39nvdPatchThird Party AdvisoryWEB
- github.com/goadesign/goa/pull/2388nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-fjgq-224f-fq37ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-25073ghsaADVISORY
- pkg.go.dev/vuln/GO-2020-0032nvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.