Unrated severityNVD Advisory· Published Aug 9, 2022· Updated Aug 3, 2024
Path traversal via Clean on Windows in path/filepath
CVE-2022-29804
Description
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- osv-coords20 versionspkg:bitnami/golangpkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.18&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.18&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.18&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.18-openssl&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.18-openssl&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 1.17.11+ 19 more
- (no CPE)range: < 1.17.11
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.17.11-1.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.3-1.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- Go standard library/path/filepathv5Range: 0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.