Go Standard Library Path Filepath vulnerabilities
5 known vulnerabilities affecting go_standard_library/path_filepath.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 1
Vulnerabilities
CVE-2023-45283 | HIGH | CVSS 7.5 | CWE-22 | fixed in 1.20.11 | ≥ 1.21.0-0, < 1.21.4 (+2 more) | 2023-11-09
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix,
Sources: cvelistv5, nvd

CVE-2023-45284 | MEDIUM | CVSS 5.3 | fixed in 1.20.11 | ≥ 1.21.0-0, < 1.21.4 | 2023-11-09
On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
Sources: cvelistv5, nvd

CVE-2022-41722 | HIGH | CVSS 7.5 | CWE-22 | fixed in 1.19.6 | ≥ 1.20.0-0, < 1.20.1 | 2023-02-28
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms
Sources: cvelistv5, nvd

CVE-2022-29804 | HIGH | CVSS 7.5 | CWE-22 | fixed in 1.17.11 | ≥ 1.18.0-0, < 1.18.3 | 2022-08-10
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
Sources: cvelistv5, nvd

CVE-2022-30632 | HIGH | CVSS 7.5 | CWE-674 | fixed in 1.17.12 | ≥ 1.18.0-0, < 1.18.4 | 2022-08-10
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
Sources: cvelistv5, nvd