Lucene search
GoCVELIST:CVE-2022-41722HistoryFeb 28, 2023 - 5:19 p.m.
CVE-2022-41722 Path traversal on Windows in path/filepath
2023-02-2817:19:41
Go
www.cve.org
2
path traversal
vulnerability
filepath.clean
windows
attack
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as “a/…/c:/b” into the valid path “c:\b”. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path “.\c:\b”.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "path/filepath",
"collectionURL": "https://pkg.go.dev",
"packageName": "path/filepath",
"versions": [
{
"version": "0",
"lessThan": "1.19.6",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.20.0-0",
"lessThan": "1.20.1",
"status": "affected",
"versionType": "semver"
}
],
"platforms": [
"windows"
],
"programRoutines": [
{
"name": "Clean"
},
{
"name": "Abs"
},
{
"name": "Dir"
},
{
"name": "EvalSymlinks"
},
{
"name": "Glob"
},
{
"name": "IsLocal"
},
{
"name": "Join"
},
{
"name": "Rel"
},
{
"name": "Walk"
},
{
"name": "WalkDir"
}
],
"defaultStatus": "unaffected"
}
]Related
cve
cve
CVE-2022-41722
2023-02-28 18:15:09
osv
osv
CVE-2022-41722
2023-02-28 18:15:09
BIT-golang-2022-41722
2024-03-06 10:57:57
Path traversal on Windows in path/filepath
2023-02-16 19:49:19
debiancve
debiancve
CVE-2022-41722
2023-02-28 18:15:09
nvd
nvd
CVE-2022-41722
2023-02-28 18:15:09
alpinelinux
alpinelinux
CVE-2022-41722
2023-02-28 18:15:09
cbl_mariner
cbl_mariner
CVE-2022-41722 affecting package golang 1.17.13-2
2024-07-02 21:08:33
CVE-2022-41722 affecting package msft-golang for versions less than 1.19.8-1
2023-04-16 01:04:22
CVE-2022-41722 affecting package golang 1.21.11-1
2024-07-02 21:08:37
ubuntucve
ubuntucve
CVE-2022-41722
2023-02-28 00:00:00
redhatcve
redhatcve
CVE-2022-41722
2023-05-11 04:21:28
prion
prion
Path traversal
2023-02-28 18:15:00
cgr
cgr
CVE-2022-41722 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Path Traversal
2023-10-18 08:31:33
wolfi
wolfi
CVE-2022-41722 vulnerabilities
2024-07-02 15:14:03
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)
2024-01-24 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-02-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.6-alt1
2023-02-22 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0733-1)
2023-03-28 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0362
2023-03-23 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0564
2023-04-06 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0425
2023-07-12 00:00:00
redhat
redhat
ibm
ibm
amazon
amazon
Important: golang
2023-04-13 19:28:00
Important: golang
2023-04-13 19:01:00
Important: golang
2023-09-27 22:15:00