← volver
CVE-2022-32190

Failure to strip relative path components in net/url

EPSS 1.6%
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
Productos afectados
Go standard library · net/url

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://go.dev/cl/423514https://go.dev/issue/54385https://groups.google.com/g/golang-announce/c/x49AQzIVX-shttps://pkg.go.dev/vuln/GO-2022-0988