
CVE-2022-29804

Published: 3 June 2022

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows a potential directory traversal attack.

Priority

Medium

Status

| Package | Release | Status |
|---|---|---|
| golang-1.11 (Launchpad, Ubuntu, Debian) | upstream | Not vulnerable (debian: Only affects Go on Windows) |
| golang-1.15 (Launchpad, Ubuntu, Debian) | impish | Ignored (reached end-of-life) |
| | upstream | Not vulnerable (debian: Only affects Go on Windows) |
| golang-1.17 (Launchpad, Ubuntu, Debian) | impish | Not vulnerable (windows only) |
| | jammy | Not vulnerable (windows only) |
| | upstream | Not vulnerable (debian: Only affects Go on Windows) |
| golang-1.18 (Launchpad, Ubuntu, Debian) | jammy | Not vulnerable (windows only) |
| | upstream | Not vulnerable (debian: Only affects Go on Windows) |
| golang-1.7 (Launchpad, Ubuntu, Debian) | upstream | Not vulnerable (debian: Only affects Go on Windows) |
| golang-1.8 (Launchpad, Ubuntu, Debian) | bionic | Needs triage |
| | upstream | Not vulnerable (debian: Only affects Go on Windows) |