PT-2024-11560 · Microsoft+1 · Windows+1

Juho Nurminen · Published 2024-07-02 · Updated 2026-01-30 · CVE-2022-30636

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

No specific software or versions are mentioned in the provided descriptions.

Description

The issue arises from the use of `path.Base` to extract the expected HTTP-01 token value, which behaves differently on Windows due to the distinct path separator (`\` vs `/`). This allows a user to provide a relative path, potentially leading to the extraction of an unintended path. The extracted path is then suffixed with `+http-01` and opened. The impact is limited, as it only allows reading arbitrary files on the system if they have the `+http-01` suffix.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
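
The separator mismatch from the description, shown as an added example (not the affected project's code): Go's `path.Base` splits on `/` only, so backslashes survive into the derived name, while a strict token check rejects them. The names `naiveKey`, `strictKey`, `tokenRE` and `challengePrefix` are hypothetical, and the challenge URL prefix and base64url token alphabet are assumed from RFC 8555 rather than taken from this page.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// challengePrefix is the ACME HTTP-01 URL prefix (assumption: RFC 8555).
const challengePrefix = "/.well-known/acme-challenge/"

// tokenRE is the base64url alphabet that RFC 8555 allows in tokens.
var tokenRE = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// naiveKey mirrors the pattern in the description: path.Base of the
// request path plus the "+http-01" suffix. path.Base treats only "/"
// as a separator, on every operating system.
func naiveKey(urlPath string) string {
	return path.Base(urlPath) + "+http-01"
}

// strictKey (hypothetical helper) accepts only a single base64url token
// directly under the challenge prefix, so no separator of any OS can
// reach the file-system layer.
func strictKey(urlPath string) (string, error) {
	if !strings.HasPrefix(urlPath, challengePrefix) {
		return "", fmt.Errorf("not a challenge path: %q", urlPath)
	}
	token := strings.TrimPrefix(urlPath, challengePrefix)
	if !tokenRE.MatchString(token) {
		return "", fmt.Errorf("invalid HTTP-01 token: %q", token)
	}
	return token + "+http-01", nil
}

func main() {
	// Constructed sample request paths, not taken from the advisory.
	samples := []string{
		challengePrefix + "abcDEF123_-xyz",
		challengePrefix + `..\..\notes`,
	}
	for _, p := range samples {
		key, err := strictKey(p)
		fmt.Printf("naive=%q strict=%q err=%v\n", naiveKey(p), key, err)
	}
}
```

On any platform the naive key for the second sample still contains `..\..\`; it only becomes a traversal when a Windows file API later interprets the backslashes as separators.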

Related Identifiers

CLEANSTART-2026-HV28992
CVE-2022-30636
GO-2024-2961

Affected Products

Debian
Windows