{"id":"CVE-2019-25073","details":"Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.","aliases":["GHSA-fjgq-224f-fq37","GO-2020-0032"],"modified":"2026-04-10T04:17:49.308980Z","published":"2022-12-27T22:15:11.397Z","references":[{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2020-0032"},{"type":"FIX","url":"https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39"},{"type":"EVIDENCE","url":"https://github.com/goadesign/goa/pull/2388"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/goadesign/goa","events":[{"introduced":"0"},{"fixed":"1951ab4f8e8cb229fb3187fa3e02ea4326e38a7a"},{"introduced":"de50fdd7a56f4d7fbd13794667ace84af43c75b0"},{"fixed":"e4f6165a749b4de9bff19d6558cd1cf35cf993a2"},{"introduced":"922f55e91729e31573b9011401cc454025947172"},{"fixed":"a637706c9bb63ac4c8866c8c510ded40cb5c7ed6"},{"fixed":"70b5a199d0f813d74423993832c424e1fc73fb39"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.3"},{"introduced":"2.0.0"},{"fixed":"2.0.10"},{"introduced":"3.0.0"},{"fixed":"3.0.9"}]}}],"versions":["v1.0.0","v1.1.0","v1.2.0","v1.3.0","v1.3.1","v1.4.0","v1.4.1","v1.4.2","v2.0.0","v2.0.3","v2.0.4","v2.0.5","v2.0.7","v2.0.8","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25073.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}