{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T16:51:49.492","vulnerabilities":[{"cve":{"id":"CVE-2021-23772","sourceIdentifier":"report@snyk.io","published":"2021-12-24T12:15:07.697","lastModified":"2024-11-21T05:51:53.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder."},{"lang":"es","value":"Esto afecta a todas las versiones del paquete github.com/kataras/iris; todas las versiones del paquete github.com/kataras/iris/v12. Un manejo no seguro de los nombres de archivo durante la carga usando el método UploadFormFiles puede permitir a atacantes escribir en ubicaciones arbitrarias fuera de la carpeta de destino designada"}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iris-go:iris:*:*:*:*:*:go:*:*","versionEndIncluding":"12.1.8","matchCriteriaId":"EA26C17D-DFA8-4AB5-9E4C-6D5E0A375F6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:iris-go:iris:12.2.0:alpha:*:*:*:go:*:*","matchCriteriaId":"36735110-76CB-42E1-A4DC-E75FF8D35844"},{"vulnerable":true,"criteria":"cpe:2.3:a:iris-go:iris:12.2.0:alpha2:*:*:*:go:*:*","matchCriteriaId":"4801442A-7188-4FBB-B699-569B7EAC0FC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:iris-go:iris:12.2.0:alpha3:*:*:*:go:*:*","matchCriteriaId":"911993F3-EC67-4E85-A0B2-598CA8CB3B14"},{"vulnerable":true,"criteria":"cpe:2.3:a:iris-go:iris:12.2.0:alpha4:*:*:*:go:*:*","matchCriteriaId":"4ED1FF1C-46DA-4E7B-BC42-00847843A82A"},{"vulnerable":true,"criteria":"cpe:2.3:a:iris-go:iris:12.2.0:alpha5:*:*:*:go:*:*","matchCriteriaId":"CA784B81-3C4F-4253-92C9-0B16431BE486"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.5","matchCriteriaId":"355C01B5-DC2D-4992-BCD9-B22E68BC7858"}]}]}],"references":[{"url":"https://github.com/kataras/iris/commit/e213dba0d32ff66653e0ef124bc5088817264b08","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRIS-2325169","source":"report@snyk.io","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRISV12-2325170","source":"report@snyk.io","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/kataras/iris/commit/e213dba0d32ff66653e0ef124bc5088817264b08","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRIS-2325169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRISV12-2325170","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}