CVE-2024-8244
Description
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A TOCTOU race condition in Go's filepath.Walk and WalkDir allows symbolic link substitution during traversal.
A race condition has been discovered in Go's filepath.Walk and filepath.WalkDir functions, which are documented as not following symbolic links. Both functions are susceptible to a TOCTOU (time of check, time of use) flaw where a portion of the path being walked can be replaced with a symbolic link while the walk is in progress [1]. This race condition bypasses the intended protection against symlink traversal.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.