CVE-2022-30580 – stdlib

Package

Manager: go
Name: stdlib
Vulnerable Version: >=0 <1.17.11

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0003 pctl0.06838

Details

Empty Cmd.Path can trigger unintended binary in os/exec on Windows On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger execution of any binaries in the working directory named either "..com" or "..exe".

Metadata

Created: 2022-07-26T21:41:20Z
Modified: 2024-05-20T16:03:47Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F297
Auto approve: 1