CVE-2019-25073

Summary

Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.

Affected Software

VendorProductVersion RangeStatus
github.com/goadesign/goagithub.com/goadesign/goa0 < 1.4.3affected
goa.design/goagoa.design/goa0 < 1.4.3affected
goa.design/goa/v3goa.design/goa/v30 < 3.0.9affected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References