logo

Database

Lack of data validation - Path Traversal In stdlib

Description

Path traversal via Clean on Windows in path/filepath On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack.

For example, Clean(".\c:") returns "c:".

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-298042. NVD-2022-298043. OSV-GO-2022-05334. OSV-2022-298045. GCVE-2022-29804

References

1. https://go.dev/cl/4015952. https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e350332903. https://go.dev/issue/524764. https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.