go is vulnerable to Insecure Parsing Of File Path. The vulnerability is due to the IsLocal
function which insufficiently determines if reserved file names such as COM1
are local. An attacker can inject filenames with trailing spaces and superscripts, which will incorrectly deem these paths as local.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/golang/go | le | go1.21.3 | |
github.com/golang/go | le | go1.20.10 | |
github.com/golang/go | le | go1.21.3 | |
github.com/golang/go | le | go1.20.10 |