Your submission was sent successfully! Close

CVE-2022-29804

Published: 10 August 2022

In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x before 1.18.3 on Windows, invalid paths such as .\c: could be converted to valid paths (such as c: in this example).

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
golang-1.11
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.15
Launchpad, Ubuntu, Debian
impish Ignored
(reached end-of-life)
upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.17
Launchpad, Ubuntu, Debian
impish Not vulnerable
(windows only)
jammy Not vulnerable
(windows only)
kinetic Does not exist

upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.18
Launchpad, Ubuntu, Debian
jammy Not vulnerable
(windows only)
kinetic Does not exist

upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.7
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.8
Launchpad, Ubuntu, Debian
bionic Needs triage

upstream Not vulnerable
(debian: Only affects Go on Windows)