Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump fasthttp from 1.6.0 to 1.34.0 #442

Closed
gpestana opened this issue May 20, 2022 · 1 comment
Closed

Bump fasthttp from 1.6.0 to 1.34.0 #442

gpestana opened this issue May 20, 2022 · 1 comment

Comments

@gpestana
Copy link

gpestana commented May 20, 2022
edited
Loading

From dependabot:

The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only.

Related to #425
@ghouscht ghouscht mentioned this issue Jun 16, 2022
Closed
@YaroslavPodorvanov
Copy link
Contributor

@gpestana solved in #464

@cleptric cleptric closed this as completed Sep 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gpestana @cleptric @stephanie-anderson @YaroslavPodorvanov