Description
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to process wildcardvalues, which can lead to a cross-directory risk.
Remediation
References