CVE Catalog

GHSA-g7r4-m6w7-qqqr

Low
Published: Translated: NVD NIST

Summary

The development server contains a path traversal vulnerability on Windows when serving files from `servedir`. Due to the use of `path.Clean()` (which only normalizes forward-slash `/` separators) instead of a Windows-aware path normalization function, it is possible to craft malicious requests.

Risk Assessment

This vulnerability could lead to unauthorized access to system files, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update the development server to use a Windows-aware path normalization function to mitigate the path traversal risk.

Original NVD description (English source)

### Summary The development server contains a path traversal vulnerability on Windows when serving files from `servedir`. Due to the use of `path.Clean()` (which only normalizes forward-slash `/` separators) instead of a Windows-aware path normalization function, it is possible to craft requests u

Vulnerability data from NVD (NIST) · CISA KEV · EPSS