filepath

package standard library

Go to main page

Versions in this module

go1

go1.20.4

May 2, 2023

go1.20.3

Apr 4, 2023

go1.20.2

Mar 7, 2023

go1.20.1

Feb 14, 2023

go1.20

Feb 1, 2023 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

Changes in this version

+ var SkipAll error = fs.SkipAll

+ func IsLocal(path string) bool

go1.20rc3

Jan 12, 2023 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.20rc2

Jan 4, 2023 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.20rc1

Dec 7, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19.9

May 2, 2023

go1.19.8

Apr 4, 2023

go1.19.7

Mar 7, 2023

go1.19.6

Feb 14, 2023

go1.19.5

Jan 10, 2023 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19.4

Dec 6, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19.3

Nov 1, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19.2

Oct 4, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19.1

Sep 6, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19

Aug 2, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19rc2

Jul 12, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19rc1

Jul 6, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.19beta1

Jun 9, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.10

Jan 10, 2023 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.9

Dec 6, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.8

Nov 1, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.7

Oct 4, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.6

Sep 6, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.5

Aug 1, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.4

Jul 12, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.3

Jun 1, 2022 GO-2022-0522GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.2

May 10, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18.1

Apr 12, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18

Mar 15, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18rc1

Feb 16, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18beta2

Jan 31, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.18beta1

Dec 14, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.13

Aug 1, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.12

Jul 12, 2022 GO-2023-1568

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.11

Jun 1, 2022 GO-2022-0522GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.10

May 10, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.9

Apr 12, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.8

Mar 3, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.7

Feb 9, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.6

Jan 6, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.5

Dec 9, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.4

Dec 2, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.3

Nov 4, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.2

Oct 7, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17.1

Sep 9, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17

Aug 16, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17rc2

Aug 2, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17rc1

Jul 13, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.17beta1

Jun 10, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.15

Mar 3, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.14

Feb 9, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.13

Jan 6, 2022 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.12

Dec 9, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.11

Dec 2, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.10

Nov 4, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.9

Oct 7, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.8

Sep 9, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.7

Aug 4, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.6

Jul 12, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.5

Jun 3, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.4

May 6, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.3

Apr 1, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.2

Mar 11, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16.1

Mar 10, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16

Feb 16, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

Changes in this version

+ func WalkDir(root string, fn fs.WalkDirFunc) error

go1.16rc1

Jan 27, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.16beta1

Dec 17, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.15

Aug 4, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.14

Jul 12, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.13

Jun 3, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.12

May 6, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.11

Apr 1, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.10

Mar 11, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.9

Mar 10, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.8

Feb 4, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.7

Jan 19, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.6

Dec 3, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.5

Nov 12, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.4

Nov 5, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.3

Oct 14, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.2

Sep 9, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15.1

Sep 1, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15

Aug 11, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15rc2

Aug 7, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15rc1

Jul 24, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.15beta1

Jun 10, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.15

Feb 4, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.14

Jan 19, 2021 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.13

Dec 3, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.12

Nov 12, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.11

Nov 5, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.10

Oct 14, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.9

Sep 9, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.8

Sep 1, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.7

Aug 6, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.6

Jul 16, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.5

Jul 14, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.4

Jun 1, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.3

May 14, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.2

Apr 8, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14.1

Mar 19, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14

Feb 25, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14rc1

Feb 5, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.14beta1

Dec 17, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.15

Aug 6, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.14

Jul 16, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.13

Jul 14, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.12

Jun 1, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.11

May 14, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.10

Apr 8, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.9

Mar 19, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.8

Feb 12, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.7

Jan 27, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.6

Jan 9, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.5

Dec 4, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.4

Oct 31, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.3

Oct 17, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.2

Oct 17, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13.1

Sep 25, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13

Sep 3, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13rc2

Aug 29, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13rc1

Aug 21, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.13beta1

Jun 26, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.17

Feb 12, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.16

Jan 27, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.15

Jan 9, 2020 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.14

Dec 4, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.13

Oct 31, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.12

Oct 17, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.11

Oct 17, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.10

Sep 25, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.9

Aug 15, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.8

Aug 13, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.7

Jul 8, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.6

Jun 11, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.5

May 6, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.4

Apr 11, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.3

Apr 8, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.2

Apr 5, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12.1

Mar 14, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12

Feb 25, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12rc1

Feb 11, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12beta2

Jan 10, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.12beta1

Dec 18, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.13

Aug 13, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.12

Jul 8, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.11

Jun 11, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.10

May 6, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.9

Apr 11, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.8

Apr 8, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.7

Apr 5, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.6

Mar 14, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.5

Jan 23, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.4

Dec 14, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.3

Dec 13, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.2

Nov 2, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11.1

Oct 1, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11

Aug 24, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

Changes in this version

+ func HasPrefix(p, prefix string) bool — js/wasm

+ func IsAbs(path string) bool — js/wasm

go1.11rc2

Aug 22, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11rc1

Aug 13, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11beta3

Aug 3, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11beta2

Jul 19, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.11beta1

Jun 26, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.8

Jan 23, 2019 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.7

Dec 14, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.6

Dec 13, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.5

Nov 2, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.4

Aug 24, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.3

Jun 6, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.2

Apr 30, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10.1

Mar 29, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10

Feb 16, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10rc2

Feb 7, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10rc1

Jan 25, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10beta2

Jan 11, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.10beta1

Dec 7, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9.7

Jun 6, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9.6

Apr 30, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9.5

Mar 29, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9.4

Feb 7, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9.3

Jan 22, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9.2

Oct 25, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9.1

Oct 4, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9

Aug 24, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9rc2

Aug 7, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9rc1

Jul 24, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9beta2

Jun 26, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.9beta1

Jun 14, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.7

Feb 7, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.6

Jan 23, 2018 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.5

Oct 25, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.5rc5

Oct 25, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.5rc4

Oct 20, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.4

Oct 4, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.3

May 24, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.2

May 23, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8.1

Apr 7, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8

Feb 16, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8rc3

Jan 26, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8rc2

Jan 19, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8rc1

Jan 10, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8beta2

Dec 15, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.8beta1

Dec 1, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7.6

May 23, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7.5

Jan 26, 2017 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7.4

Dec 1, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7.3

Oct 19, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7.2

Oct 17, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7.1

Sep 7, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7

Aug 15, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7rc6

Aug 8, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7rc5

Aug 2, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7rc4

Aug 2, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7rc3

Jul 21, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7rc2

Jul 18, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7rc1

Jul 8, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7beta2

Jun 16, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.7beta1

Jun 2, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6.4

Dec 1, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6.3

Jul 18, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6.2

Apr 19, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6.1

Apr 11, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6

Feb 17, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6rc2

Feb 3, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6rc1

Jan 28, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6beta2

Jan 13, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.6beta1

Dec 17, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5.4

Apr 11, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5.3

Jan 13, 2016 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5.2

Dec 3, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5.1

Sep 9, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5

Aug 19, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5rc1

Aug 6, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5beta3

Jul 29, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5beta2

Jul 17, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.5beta1

Jul 7, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.4.3

Sep 23, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.4.2

Feb 18, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.4.1

Jan 15, 2015 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.4

Dec 11, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.4rc2

Dec 2, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.4rc1

Nov 17, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.4beta1

Oct 30, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3.3

Oct 1, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3.2

Sep 25, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3.1

Aug 13, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3

Jun 19, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3rc2

Jun 13, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3rc1

Jun 2, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3beta2

May 21, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.3beta1

Apr 22, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.2.2

May 5, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.2.1

Mar 3, 2014 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.2

Nov 28, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.2rc5

Nov 18, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.2rc4

Nov 13, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.2rc3

Nov 1, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.2rc2

Oct 18, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.1.2

Aug 13, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.1.1

Jun 13, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.1

May 13, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

Changes in this version

+ func VolumeName(path string) (v string) — js/wasm

go1.1rc3

May 8, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.1rc2

May 7, 2013 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.0.3

Sep 21, 2012 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.0.2

Jun 14, 2012 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1.0.1

Apr 26, 2012 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

go1

Mar 28, 2012 GO-2022-0522GO-2022-0533GO-2023-1568

GO-2022-0522: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

GO-2022-0533: On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean(`.\c:`) returns `c:`.

GO-2023-1568: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

Changes in this version

+ const ListSeparator

+ const Separator

+ var ErrBadPattern = errors.New("syntax error in pattern")

+ var SkipDir = errors.New("skip this directory")

+ func Abs(path string) (string, error)

+ func Base(path string) string

+ func Clean(path string) string

+ func Dir(path string) string

+ func EvalSymlinks(path string) (string, error)

+ func Ext(path string) string

+ func FromSlash(path string) string