
Unsanitized Input From the Request URL Flows Into os.OpenFile, Where It Is Used as a Path. This May Result in a Path Traversal Vulnerability and [...]

Type: Bug
Resolution: Unresolved
Priority: Major

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2970555 (2970555)

      Severity: High

      CWE: CWE-23

      CVE: Unknown

      Product/Engagement/Test: test/product / AdHoc Import - Fri, 12 Apr 2024 13:26:02 / cspodman Scan (SARIF)

      Source File: unpacked_remote_sources/istio-operator/app/vendor/go.uber.org/zap/sink.go

      Source Line: 139

Description:
*Result message:* Unsanitized input from the request URL flows into os.OpenFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to open arbitrary files.

*Code flow:*
1. unpacked_remote_sources/istio-operator/app/vendor/go.uber.org/zap/sink.go:L139:C9
   Unsanitized input from the request URL flows into os.OpenFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to open arbitrary files.

      References:
      https://cwe.mitre.org/data/definitions/23.html

Reporter: ccota

Assignee: Unassigned