CVE-2022-41722

CVSS V2 None CVSS V3 None
Description
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
Overview
  • CVE ID
  • CVE-2022-41722
  • Assigner
  • security@golang.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-28T18:15:09
  • Last Modified Date
  • 2023-03-10T15:41:45
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* 1 OR 1.19.6
cpe:2.3:a:golang:go:1.20.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://go.dev/cl/468123 Issue Tracking
https://go.dev/issue/57274 Issue Tracking
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E Mailing List Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-1568 Vendor Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 05:41:10 Added to TrackCVE
2023-04-17 05:41:12 Weakness Enumeration new