CVE-2020-36559

Summary

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Affected Software

VendorProductVersion RangeStatus
aahframe.workaahframe.work0 < 0.12.4affected

Weaknesses

  • CWE 23: Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References