[GO-2023-1568] Path traversal on Windows in path/filepath
Severity: High
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
A path traversal vulnerability exists in filepath.Clean on Windows.
On Windows, the filepath.Clean function could transform an invalid path such as
"a/../c:/b" into the valid path "c:\b". This transformation of a relative (if
invalid) path into an absolute path could enable a directory traversal attack.
After the fix, the filepath.Clean function transforms this path into the relative
(but still invalid) path ".\c:\b".
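A defensive check for the input class described above, as an added example that is not code from the Go project or from this advisory: it validates an untrusted relative path before it is cleaned or joined to a base directory, and shows that counting ".." depth alone accepts "a/../c:/b" while a per-component colon check rejects it. It also covers rooted paths and ".." escapes, which goes beyond the single case in the text; the names CheckUntrustedRelPath and ErrUnsafePath are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrUnsafePath (hypothetical name) marks input that must not be joined to a base directory.
var ErrUnsafePath = errors.New("unsafe relative path")

// CheckUntrustedRelPath (hypothetical helper) validates p lexically, before any
// call to filepath.Clean or filepath.Join, treating both '/' and '\' as
// separators so the verdict is the same on every OS.
func CheckUntrustedRelPath(p string) error {
	if p == "" || strings.HasPrefix(p, "/") || strings.HasPrefix(p, `\`) {
		return fmt.Errorf("%w: empty or rooted: %q", ErrUnsafePath, p)
	}
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	depth := 0
	for _, seg := range strings.FieldsFunc(p, isSep) {
		switch {
		case strings.ContainsRune(seg, ':'):
			// A component such as "c:" can surface as a volume name once
			// the components before it are cancelled by "..".
			return fmt.Errorf("%w: colon in component %q", ErrUnsafePath, seg)
		case seg == "..":
			if depth--; depth < 0 {
				return fmt.Errorf("%w: escapes base: %q", ErrUnsafePath, p)
			}
		case seg == ".":
			// No effect on depth.
		default:
			depth++
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs; the first is the path quoted in the advisory.
	for _, p := range []string{"a/../c:/b", "docs/report.txt", "a/../../b", `\Windows`} {
		fmt.Printf("%-18q -> %v\n", p, CheckUntrustedRelPath(p))
	}
}
```

Rejecting every colon is stricter than a non-Windows filesystem requires, so this suits services that accept the same path inputs on all platforms.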
Package | Affected Version |
---|---|
pkg:golang/path/filepath | >= 1.20.0, < 1.19.6 |
pkg:golang/path/filepath | >= 1.20.0, < 1.20.1 |
Package | Fixed Version |
---|---|
pkg:golang/path/filepath | = 1.19.6 |
pkg:golang/path/filepath | = 1.20.1 |
- ID: GO-2023-1568
- Severity: high
- Severity from: CVE-2022-41722
- URL: https://pkg.go.dev/vuln/GO-2023-1568
- Published: 2023-02-15T17:33:22 (19 months ago)
- Modified: 2024-07-17T19:54:18 (2 months ago)
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:golang/path/filepath | path | filepath | = 1.19.6 | | | |
Affected | pkg:golang/path/filepath | path | filepath | >= 1.20.0 < 1.19.6 | | | |
Fixed | pkg:golang/path/filepath | path | filepath | = 1.20.1 | | | |
Affected | pkg:golang/path/filepath | path | filepath | >= 1.20.0 < 1.20.1 | | | |