VYPR
High severity7.1GHSA Advisory· Published Jan 28, 2025· Updated Jun 17, 2026

CVE-2024-45339

CVE-2024-45339

Description

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/golang/glogGo
< 1.2.41.2.4

Affected products

452

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.