Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:36979
HistorySep 08, 2022 - 9:54 a.m.

Path Traversal

2022-09-0809:54:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
path traversal
github.com/golang/go
joinpath vulnerability
url.go
file access

EPSS

0.002

Percentile

53.3%

github.com/golang/go is vulnerable to path traversal. The vulnerability exists because the JoinPath function of url.go does not properly remove the relative elements from the start of the path when the first path element is “”, allowing an attacker to access files outside the expected directory through the urls such as https://go.dev", "../go