cbcvebase.
CVE-2022-29804
published 2022-08-10

CVE-2022-29804: Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential…

PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.87%
76.7th percentile
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

Affected

14 ranges
VendorProductVersion rangeFixed in
debiangolang-1.15
go_standard_librarypath_filepath< 1.17.111.17.11
go_standard_librarypath_filepath>= 1.18.0-0 < 1.18.31.18.3
golanggo< 1.17.111.17.11
golanggo>= 1.18.0 < 1.18.31.18.3
msrcazl3_gcc_13.2.0-7_on_azure_linux_3.0
msrcazl3_golang_1.23.9-1_on_azure_linux_3.0
msrcazl3_golang_1.24.3-1_on_azure_linux_3.0
msrcazl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0
msrcmicrosoft_visual_studio_2022_version_17.10
msrcmicrosoft_visual_studio_2022_version_17.12
msrcmicrosoft_visual_studio_2022_version_17.13
msrcmicrosoft_visual_studio_2022_version_17.8
paloaltopan-os

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_debian7.5LOW
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.