Critical severity · NVD Advisory · Published Jul 5, 2022 · Updated Aug 3, 2024
CVE-2022-31836
Description
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/beego/beego (Go) | < 1.12.11 | 1.12.11 |
| github.com/beego/beego/v2 (Go) | >= 2.0.0, < 2.0.4 | 2.0.4 |
Affected products
- ghsa-coords (2 versions)
  - (no CPE) range: < 1.12.11
  - (no CPE) range: >= 2.0.0, < 2.0.4
References
- github.com/advisories/GHSA-95f9-94vc-665h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-31836 (ghsa, ADVISORY)
- github.com/beego/beego/issues/4961 (ghsa, WEB)
- github.com/beego/beego/pull/5025 (ghsa, WEB)
- github.com/beego/beego/pull/5025/commits/ea5ae58d40589d249cf577a053e490509de2bf57 (ghsa, WEB)
- pkg.go.dev/vuln/GO-2022-0569 (ghsa, WEB)