Unrated severityNVD Advisory· Published Feb 28, 2023· Updated Mar 7, 2025
Path traversal on Windows in path/filepath
CVE-2022-41722
Description
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26- osv-coords25 versionspkg:apk/chainguard/falcopkg:apk/chainguard/falco-devpkg:apk/chainguard/falco-srcpkg:apk/chainguard/go-1.17pkg:apk/chainguard/go-1.17-docpkg:apk/chainguard/go-1.18pkg:apk/chainguard/go-1.18-docpkg:apk/wolfi/falcopkg:apk/wolfi/falco-devpkg:apk/wolfi/falco-srcpkg:apk/wolfi/go-1.18pkg:apk/wolfi/go-1.18-docpkg:bitnami/golangpkg:rpm/opensuse/go1.19&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.19&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.20&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.20&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.19&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/go1.19&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/go1.20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4
< 0.37.1-r0+ 24 more
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.19.6
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.19.6-1.1
- (no CPE)range: < 1.20.2-150000.1.5.1
- (no CPE)range: < 1.20.1-1.1
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.19.7-150000.1.23.1
- (no CPE)range: < 1.20.2-150000.1.5.1
- Go standard library/path/filepathv5Range: 0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.