Security Advisory

CVE-2022-32190

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-13 17:08:57

Last updated 2024-08-03 07:32:56

Assigner Go

State PUBLISHED

Description

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.

← Browse all CVEs View on cve.org ↗