gohttp
cpe:2.3:a:gohttp_project:gohttp:*:*:*:*:*:*:*
- <= 34ea516ae408945398bb0a399b18355fa4abba42
A directory traversal vulnerability has been identified in gohttp, specifically in commit 34ea51. This issue allows attackers to exploit the file server by sending crafted requests that traverse outside the web root. The vulnerability arises because gohttp concatenates user-controlled request URI data with the web root to construct file system paths, without proper normalization or boundary enforcement. As a result, an unauthenticated remote attacker can read arbitrary files, such as /etc/passwd, or list directories, depending on the permissions of the gohttp process.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files outside the web root, potentially allowing attackers to read critical system information or application data.
To reproduce this vulnerability, start the gohttp server on port 9000. Then, send a crafted HTTP request that includes traversal sequences in the query string, targeting a file outside the web root, such as /etc/passwd.
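The root cause described above (request data concatenated onto the web root with no normalization or boundary check), shown beside a lexical containment check. This is an added example, not gohttp's code; the function names, the `/var/www` root and the sample request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pattern the advisory describes: request data appended to the root as-is. */
int naive_join(const char *root, const char *req, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%s%s", root, req);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Hypothetical hardened helper: walks the request path one segment at a time
 * and refuses any ".." that would climb above root. req must already be
 * percent-decoded exactly once. Returns 0 and fills out, or -1 on rejection
 * (out is then unspecified). */
int resolve_in_root(const char *root, const char *req, char *out, size_t outsz)
{
    size_t base = strlen(root);
    while (base > 1 && root[base - 1] == '/') base--;   /* ignore trailing '/' */
    if (base == 0 || base >= outsz) return -1;
    memcpy(out, root, base);
    out[base] = '\0';
    size_t len = base;                     /* out[0..len) is the path so far */
    for (const char *p = req; *p; ) {
        while (*p == '/') p++;             /* collapse repeated separators */
        size_t n = strcspn(p, "/");        /* length of the next segment */
        if (n == 0) break;
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (len == base) return -1;    /* boundary: would leave the root */
            while (out[len - 1] != '/') len--;
            out[--len] = '\0';             /* drop the segment and its '/' */
        } else if (!(n == 1 && p[0] == '.')) {
            if (len + 1 + n >= outsz) return -1;        /* would not fit */
            len += (size_t)snprintf(out + len, outsz - len, "/%.*s", (int)n, p);
        }
        p += n;
    }
    return 0;
}

int main(void)
{
    char buf[256];
    const char *req = "/../../etc/passwd";   /* constructed sample input */
    naive_join("/var/www", req, buf, sizeof buf);
    printf("naive:    %s\n", buf);
    int rc = resolve_in_root("/var/www", req, buf, sizeof buf);
    printf("hardened: %s\n", rc ? "rejected" : buf);
    return 0;
}
```

The check is lexical only and does not follow symlinks, so a server that serves symlinked content would also need to compare the `realpath()` of the result against the root.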