Lucene search
Veracode Vulnerability DatabaseVERACODE:43868HistoryOct 18, 2023 - 8:31 a.m.
Path Traversal
2023-10-1808:31:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
go
path traversal
windows
directory traversal
attack
software
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
44.6%
Go is vulnerable to Path Traversal attack. On Windows, function clean can transform an invalid path to a valid path. This transformation of a relative path to absolute path could enable a directory traversal attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/golang/go | le | go1.19.5 | |
| github.com/golang/go | le | go1.20 | |
| github.com/golang/go | le | go1.19.5 | |
| github.com/golang/go | le | go1.20 |
Related
cve
cve
CVE-2022-41722
2023-02-28 18:15:09
osv
osv
CVE-2022-41722
2023-02-28 18:15:09
BIT-golang-2022-41722
2024-03-06 10:57:57
Path traversal on Windows in path/filepath
2023-02-16 19:49:19
debiancve
debiancve
CVE-2022-41722
2023-02-28 18:15:09
cvelist
cvelist
CVE-2022-41722 Path traversal on Windows in path/filepath
2023-02-28 17:19:41
ubuntucve
ubuntucve
CVE-2022-41722
2023-02-28 00:00:00
redhatcve
redhatcve
CVE-2022-41722
2023-05-11 04:21:28
cbl_mariner
cbl_mariner
CVE-2022-41722 affecting package msft-golang for versions less than 1.19.8-1
2023-04-16 01:04:22
CVE-2022-41722 affecting package golang 1.21.11-1
2024-07-05 17:10:16
CVE-2022-41722 affecting package golang 1.17.13-2
2024-07-05 17:10:12
prion
prion
Path traversal
2023-02-28 18:15:00
cgr
cgr
CVE-2022-41722 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2022-41722
2023-02-28 18:15:09
alpinelinux
alpinelinux
CVE-2022-41722
2023-02-28 18:15:09
wolfi
wolfi
CVE-2022-41722 vulnerabilities
2024-07-05 15:46:04
freebsd
freebsd
go -- multiple vulnerabilities
2023-02-14 00:00:00
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)
2024-01-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.6-alt1
2023-02-22 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0733-1)
2023-03-28 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0362
2023-03-23 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0564
2023-04-06 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0425
2023-07-12 00:00:00
redhat
redhat
ibm
ibm
amazon
amazon
Important: golang
2023-04-13 19:28:00
Important: golang
2023-04-13 19:01:00
Important: golang
2023-09-27 22:15:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
44.6%
Related for VERACODE:43868