Vulnerability Report: GO-2022-0230
- CVE-2021-20206, GHSA-xjqr-g762-pxwp
- Affects: github.com/containernetworking/cni
- Published: Jul 01, 2022
- Modified: Jun 12, 2023
The FindInPath function is vulnerable to directory traversal attacks, potentially permitting attackers to execute arbitrary binaries. This function does not sanitize its plugin parameter, so parameter names containing "../" or other such elements may reference arbitrary locations on the filesystem.
Affected Packages
-
PathVersionsSymbols
-
before v0.8.1
5 affected symbols
Aliases
References
- https://github.com/containernetworking/cni/pull/808
- https://bugzilla.redhat.com/show_bug.cgi?id=1919391
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549
- https://vuln.go.dev/ID/GO-2022-0230.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.