Directory Traversal Affecting github.com/cloudflare/cfrpki/validator/pki Open this link in a new tab package, versions <v1.4.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
11 Nov 2021
10 Nov 2021
How to fix?
github.com/cloudflare/cfrpki/validator/pki to version v1.4.0 or higher.
Affected versions of this package are vulnerable to Directory Traversal which does not escape a URI with a filename containing "..". This allows a repository to create a file, which would then be written to disk outside the base cache folder.