Go filepath.Clean Path-Traversal on Windows
CVE-2022-41722 Published on February 28, 2023

Path traversal on Windows in path/filepath
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

NVD

Products Associated with CVE-2022-41722

Want to know whenever a new CVE is published for GoLang Go? stack.watch will email you.

GoLang Go

Affected Versions

Go standard library path/filepath:

Before 1.19.6 is affected.
Version 1.20.0-0 and below 1.20.1 is affected.

Exploit Probability

EPSS

0.18%

Percentile

38.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Go filepath.Clean Path-Traversal on WindowsCVE-2022-41722 Published on February 28, 2023

Products Associated with CVE-2022-41722

Affected Versions

Exploit Probability

Go filepath.Clean Path-Traversal on Windows
CVE-2022-41722 Published on February 28, 2023