5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%
go is vulnerable to Insecure Parsing Of File Path. The vulnerability is due to the IsLocal
function which insufficiently determines if reserved file names such as COM1
are local. An attacker can inject filenames with trailing spaces and superscripts, which will incorrectly deem these paths as local.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/golang/go | le | go1.21.3 | |
github.com/golang/go | le | go1.20.10 | |
github.com/golang/go | le | go1.21.3 | |
github.com/golang/go | le | go1.20.10 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%