Vulnerability Details CVE-2020-36559
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 51.1%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2020-36559
-
cpe:2.3:a:aahframework:aah:-
-
cpe:2.3:a:aahframework:aah:0.1
-
cpe:2.3:a:aahframework:aah:0.10
-
cpe:2.3:a:aahframework:aah:0.10.1
-
cpe:2.3:a:aahframework:aah:0.11.0
-
cpe:2.3:a:aahframework:aah:0.11.1
-
cpe:2.3:a:aahframework:aah:0.11.2
-
cpe:2.3:a:aahframework:aah:0.11.3
-
cpe:2.3:a:aahframework:aah:0.11.4
-
cpe:2.3:a:aahframework:aah:0.12.0
-
cpe:2.3:a:aahframework:aah:0.12.1
-
cpe:2.3:a:aahframework:aah:0.12.2
-
cpe:2.3:a:aahframework:aah:0.12.3
-
cpe:2.3:a:aahframework:aah:0.2
-
cpe:2.3:a:aahframework:aah:0.3
-
cpe:2.3:a:aahframework:aah:0.4
-
cpe:2.3:a:aahframework:aah:0.4.1
-
cpe:2.3:a:aahframework:aah:0.5
-
cpe:2.3:a:aahframework:aah:0.5.1
-
cpe:2.3:a:aahframework:aah:0.6
-
cpe:2.3:a:aahframework:aah:0.7
-
cpe:2.3:a:aahframework:aah:0.8
-
cpe:2.3:a:aahframework:aah:0.9