net/url

Laravel Tech Community

Sep 20, 2022 · Information Security

Path Traversal Vulnerability in Go net/url (CVE-2022-32190)

The Go net/url package contains a path traversal flaw (CVE-2022-32190) where JoinPath fails to strip "../" segments, allowing attackers to access sensitive files, affecting versions prior to 1.18.6 and 1.19.1, and can be mitigated by upgrading to the patched releases.