CVE-2022-29804

Опубликовано: 10 авг. 2022

Источник: debian

Описание

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

Пакеты

Пакет	Статус	Тип
golang-1.18	not-affected	package
golang-1.17	not-affected	package
golang-1.15	not-affected	package
golang-1.11	not-affected	package
golang-1.8	not-affected	package
golang-1.7	not-affected	package

Примечания

https://go.dev/issue/52476

Связанные уязвимости

CVE-2022-29804

CVSS3: 7.5

ubuntu

почти 3 года назад

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

CVE-2022-29804

CVSS3: 7.5

nvd

почти 3 года назад

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

GHSA-4r7w-gv7f-q74g

CVSS3: 7.5

github

почти 3 года назад

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

SUSE-SU-2022:2005-1

suse-cvrf

около 3 лет назад

Security update for go1.18

SUSE-SU-2022:2004-1

suse-cvrf

около 3 лет назад

Security update for go1.17