A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
CVSS Details
- CVSS 3.1 Base Score: 7.5
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-go | Aug 22, 2024 | Feb 28, 2023 | |
| Amazon Linux Ami 2 | amazon-linux-ami-2-upgrade-golangamazon-linux-ami-2-upgrade-golang-binamazon-linux-ami-2-upgrade-golang-docsamazon-linux-ami-2-upgrade-golang-miscamazon-linux-ami-2-upgrade-golang-raceamazon-linux-ami-2-upgrade-golang-sharedamazon-linux-ami-2-upgrade-golang-srcamazon-linux-ami-2-upgrade-golang-tests | Apr 21, 2023 | Feb 28, 2023 | |
| Amazon_linux | — | amazon-linux-upgrade-golang | Apr 21, 2023 | Feb 14, 2023 |
| Amazon_linux_2023 | amazon-linux-2023-upgrade-golangamazon-linux-2023-upgrade-golang-binamazon-linux-2023-upgrade-golang-docsamazon-linux-2023-upgrade-golang-miscamazon-linux-2023-upgrade-golang-raceamazon-linux-2023-upgrade-golang-sharedamazon-linux-2023-upgrade-golang-srcamazon-linux-2023-upgrade-golang-tests | Feb 17, 2025 | Feb 15, 2023 | |
| Debian | debian-upgrade-golang-1-19 | Jul 30, 2024 | Feb 28, 2023 | |
| Freebsd | freebsd-upgrade-package-go119freebsd-upgrade-package-go120 | Feb 17, 2023 | Feb 15, 2023 | |
| Redhat Openshift | linuxrpm-upgrade-cri-olinuxrpm-upgrade-cri-toolslinuxrpm-upgrade-openshiftlinuxrpm-upgrade-openshift-clients | Jun 8, 2023 | Feb 28, 2023 | |
| Suse | — | suse-upgrade-go1-19suse-upgrade-go1-19-docsuse-upgrade-go1-19-racesuse-upgrade-go1-20suse-upgrade-go1-20-docsuse-upgrade-go1-20-race | Mar 15, 2023 | Feb 28, 2023 |
| Vmware Photon_os | vmware-photon_os_update_tdnf | Jan 20, 2025 | Feb 28, 2023 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub