Filtered by vendor Iris-go
Subscribe
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23772 | 2 Golang, Iris-go | 2 Go, Iris | 2022-01-04 | 6.8 MEDIUM | 8.8 HIGH |
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder. |