Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-23772

Related Vulnerabilities: CVE-2021-23772  

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.

Source

Description

The MITRE CVE dictionary describes this issue as:

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.

Additional Information

  • Bugzilla 2036051: CVE-2021-23772 kataras/iris: unsafe handling of file names during upload using UploadFormFiles method may allow attackers to write to arbitrary locations outside the designated target folder
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
  • FAQ: Frequently asked questions about CVE-2021-23772

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started