Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-41722

UNKNOWN
Published 2023-02-28T17:19:41.324Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-41722. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Go standard library

path/filepath

Affected Versions:

0 1.20.0-0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-fp44-cj2j-3jhx

Advisory Details

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-41722
WEB https://go.dev/cl/468123
WEB https://go.dev/issue/57274
WEB https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
WEB https://pkg.go.dev/vuln/GO-2023-1568

Advisory provided by GitHub Security Advisory Database. Published: February 28, 2023, Modified: March 10, 2023

References

https://go.dev/issue/57274
https://go.dev/cl/468123
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://pkg.go.dev/vuln/GO-2023-1568
Published: 2023-02-28T17:19:41.324Z
Last Modified: 2025-03-07T17:58:57.055Z
Copied to clipboard!