Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/go-aah/aah(Go) | 0 | 0.12.4 | N/A |
| aahframe.work(Go) | 0 | 0.12.4 | N/A |
CVSS Metrics
