React2Shell Update:
Critical in-the-wild React.js vulnerability exposes apps to remote code execution.
Learn More
Bring Sonatype intelligence to your IDE and AI workflows with the Sonatype MCP server.
Discover, assess, and secure your open source components with confidence.
From selecting the best versions to identifying vulnerabilities, ensuring license compliance, and receiving real-time remediation guidance,
everything you need to build safer software, faster.
Get setup now
[CVE-2022-21221] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only.