[GO-2023-1568] Path traversal on Windows in path/filepath
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
A path traversal vulnerability exists in filepath.Clean on Windows.
On Windows, the filepath.Clean function could transform an invalid path such as
"a/../c:/b" into the valid path "c:\b". This transformation of a relative (if
invalid) path into an absolute path could enable a directory traversal attack.
After fix, the filepath.Clean function transforms this path into the relative
(but still invalid) path ".\c:\b".
| Package | Affected Version |
|---|---|
 pkg:golang/path/filepath
|
>= 1.20.0, < 1.19.6 |
|
pkg:golang/path/filepath
|
>= 1.20.0, < 1.20.1 |
| Package | Fixed Version |
|---|---|
|
pkg:golang/path/filepath
|
= 1.19.6 |
|
pkg:golang/path/filepath
|
= 1.20.1 |
- ID
- GO-2023-1568
- Severity
- high
- Severity from
- CVE-2022-41722
- URL
- https://pkg.go.dev/vuln/GO-2023-1568
- Published
-
2023-02-15T17:33:22
(19 months ago) - Modified
-
2024-07-17T19:54:18
(2 months ago) - Other Advisories
ALAS-2023-1731
FREEBSD:3D73E384-AD1F-11ED-983C-83FE35862E3A
SUSE-SU-2023:0733-1| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:golang/path/filepath | path |
filepath
|
= 1.19.6 | |||
| Affected | pkg:golang/path/filepath | path |
filepath
|
>= 1.20.0 < 1.19.6 | |||
| Fixed | pkg:golang/path/filepath | path |
filepath
|
= 1.20.1 | |||
| Affected | pkg:golang/path/filepath | path |
filepath
|
>= 1.20.0 < 1.20.1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |