A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
References
Link | Resource |
---|---|
https://go.dev/cl/468123 | Issue Tracking |
https://go.dev/issue/57274 | Issue Tracking |
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E | Mailing List Vendor Advisory |
https://pkg.go.dev/vuln/GO-2023-1568 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Go
Published: 2023-02-28T17:19:41.324Z
Updated: 2023-06-12T19:05:50.152Z
Reserved: 2022-09-28T17:00:06.610Z
Link: CVE-2022-41722
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-28T18:15:09.887
Modified: 2023-11-07T03:52:55.580
Link: CVE-2022-41722
JSON object: View
Redhat Information
No data.
CWE