security
hertz path-traversal vulnerability; echo open redirect vulnerability
· ☕ 5 min read
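Vulnerability and fix. Links first: https://github.com/cloudwego/hertz/issues/228 https://github.com/cloudwego/hertz/pull/229 It started last night before bed, when I saw in the hertz issue list a vulnerability where ClientIP is obtained via XFF by default, which is easy to forge. In the issue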