PT-2022-25191 · Hertz · Hertz

Ruokeqx · Published 2022-09-28 · Updated 2022-10-05 · CVE-2022-40082

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Hertz versions prior to 0.3.1

Description
The issue is a path traversal vulnerability in the normalizePath function, caused by improper path sanitization on Windows. When the Static or StaticFS functions are used for static file serving, an attacker can access files outside the filesystem root. Non-Windows systems are not affected.

Recommendations
For versions prior to 0.3.1, update to version 0.3.1 to resolve the issue. As a temporary workaround, consider disabling the normalizePath function or restricting access to the Static and StaticFS functions until the patch is applied.
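The following Go program is an added illustration of the weakness class described above, not Hertz's normalizePath or its fix. The advisory does not detail the exact defect, so the example models one common way Windows-only sanitization failures arise: a normalizer that treats only '/' as a separator leaves a backslash-separated "..\" sequence intact, and the Windows filesystem later resolves it as a parent reference. The function names (weakNormalize, strongNormalize, escapesOnWindows, resolveStatic), the root directory and the request paths are all constructed for this example. The check in resolveStatic is the kind of independent verification a defender would want in front of a static file handler, and it is written to run on any OS so the Windows behaviour can be reasoned about from a POSIX host.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned when a normalized request path would still be
// resolved outside the static root by a Windows-style path consumer.
var ErrEscapesRoot = errors.New("request path escapes the static root")

// weakNormalize models a sanitizer that treats only '/' as a separator
// (an illustrative mistake, not a copy of any framework's code). On a POSIX
// host that is sufficient, but Windows also accepts '\', so a backslash-
// separated "..\" sequence survives path.Clean as one opaque element and is
// later interpreted by the OS as a parent reference.
func weakNormalize(p string) string {
	if !strings.HasPrefix(p, "/") {
		p = "/" + p
	}
	return path.Clean(p)
}

// strongNormalize folds backslashes into forward slashes before cleaning,
// so ".." elements are removed regardless of which separator was used.
// Cleaning a rooted path can never yield a path above "/".
func strongNormalize(p string) string {
	return weakNormalize(strings.ReplaceAll(p, "\\", "/"))
}

// escapesOnWindows reports whether a consumer that accepts both separators
// (as the Windows filesystem does) would see a ".." element in p.
func escapesOnWindows(p string) bool {
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	for _, el := range strings.FieldsFunc(p, isSep) {
		if el == ".." {
			return true
		}
	}
	return false
}

// resolveStatic maps a request path onto a file under root using the given
// normalizer, then independently verifies that nothing a Windows path
// consumer would treat as a parent reference survived normalization.
func resolveStatic(root, reqPath string, normalize func(string) string) (string, error) {
	clean := normalize(reqPath)
	if escapesOnWindows(clean) {
		return "", ErrEscapesRoot
	}
	return filepath.Join(root, filepath.FromSlash(clean)), nil
}

func main() {
	root := filepath.Join("srv", "www") // constructed static root
	// Constructed request paths: a normal file, a forward-slash traversal
	// attempt (both normalizers neutralize it) and a backslash variant
	// (only the strong normalizer neutralizes it; the check catches the rest).
	requests := []string{
		"/static/index.html",
		"/static/../../outside.txt",
		"/static/..\\..\\outside.txt",
	}
	normalizers := []struct {
		name string
		fn   func(string) string
	}{{"weak", weakNormalize}, {"strong", strongNormalize}}

	for _, r := range requests {
		for _, n := range normalizers {
			p, err := resolveStatic(root, r, n.fn)
			if err != nil {
				fmt.Printf("%-6s %-30q -> rejected: %v\n", n.name, r, err)
				continue
			}
			fmt.Printf("%-6s %-30q -> %s\n", n.name, r, p)
		}
	}
}
```

On a POSIX host the weak normalizer would merely produce a file name containing literal backslashes, which is why the advisory reports no impact outside Windows; the escapesOnWindows check makes that platform difference visible without needing a Windows machine.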

References: Exploit · Fix

Weakness Enumeration
Path traversal

Related Identifiers
CVE-2022-40082
GHSA-C9QR-F6C8-RGXF
GO-2022-1027

Affected Products
Hertz