EmbedThis GoAhead 3.0.0 up to and including 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote malicious users to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
embedthis goahead 3.0.0 |
||
embedthis goahead 3.3.2 |
||
embedthis goahead 3.3.1 |
||
embedthis goahead 3.4.0 |
||
embedthis goahead 3.3.6 |
||
embedthis goahead 3.3.5 |
||
embedthis goahead 3.3.4 |
||
embedthis goahead 3.3.3 |