CVE-2022-21221— Directory Traversal

CVSS 5.9 · Medium EPSS 0.57% · P69 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-21221

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Directory Traversal

Source: NVD (National Vulnerability Database)

Vulnerability Description

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

fasthttp 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

fasthttp是Go 的快速 HTTP 实现。 fasthttp 1.34.0之前版本存在安全漏洞，该漏洞源于ServerFile函数缺少有效的过滤转义，导致目录遍历。攻击者可以发送“/%5c”字符利用该漏洞实现目录遍历。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	github.com/valyala/fasthttp	unspecified ~ 1.34.0	-

II. Public POCs for CVE-2022-21221

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-21221

请登录查看更多情报信息。

https://github.com/valyala/fasthttp/issues/1226x_refsource_MISC
https://github.com/valyala/fasthttp/releases/tag/v1.34.0x_refsource_MISC
https://github.com/valyala/fasthttp/commit/6b5bc7bb304975147b4af68df54ac214ed2554c1x_refsource_MISC
https://github.com/valyala/fasthttp/commit/15262ecf3c602364639d465daba1e7f3604d00e8x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-21221

Same Patch Batch · n/a · 2022-03-17 · 36 CVEs total

CVE-2022-0748	9.8 CRITICAL	Arbitrary Code Execution
CVE-2022-25354	8.6 HIGH	Prototype Pollution
CVE-2022-25352	7.5 HIGH	Prototype Pollution
CVE-2022-0749	7.4 HIGH	Deserialization of Untrusted Data
CVE-2022-25760	7.1 HIGH	Arbitrary Code Injection
CVE-2021-23632	6.6 MEDIUM	Remote Code Execution (RCE)
CVE-2021-23771	6.5 MEDIUM	Sandbox Bypass
CVE-2021-23556	6.4 MEDIUM	Exposed Dangerous Method or Function
CVE-2022-25296	6.3 MEDIUM	Prototype Pollution
CVE-2020-15591		F*EX 代码注入漏洞
CVE-2021-44260		WAVLINK AC1200 访问控制错误漏洞
CVE-2022-26503		Veeam Agent for Windows 代码问题漏洞
CVE-2022-25364		Gradle 安全漏洞
CVE-2021-45040		Spatie Laravel Media Library Pro 代码问题漏洞
CVE-2022-26501		Veeam Backup&Replication 访问控制错误漏洞
CVE-2021-46107		Ligeo Archives 代码问题漏洞
CVE-2022-26504		Veeam Backup&Replication 授权问题漏洞
CVE-2022-26500		Veeam Backup&Replication 路径遍历漏洞
CVE-2022-24302		Paramiko 竞争条件问题漏洞
CVE-2021-44088		Attendance and Payroll System SQL注入漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2022-21221

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-21221— Directory Traversal

I. Basic Information for CVE-2022-21221

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-21221

III. Intelligence Information for CVE-2022-21221

Same Patch Batch · n/a · 2022-03-17 · 36 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-21221

Leave a comment