CVE-2025-22873 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Directory traversal |
| Description | It was possible to improperly access the parent directory of a restricted filesystem root created with os.DirFS. Calling Open("../") on such a filesystem could open the parent directory itself, violating expected directory confinement. This escape did not allow access to ancestor directories beyond the parent, nor to files within the parent directory.
This behavior has been corrected to return an error for such paths. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2878 | go | 2:1.24.2-1 | 2:1.24.3-1 | Low | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 May 2025 | ASA-202505-12 | AVG-2878 | go | Low | directory traversal |
| References |
|---|
https://github.com/golang/go/issues/73555 https://go.dev/doc/devel/release#go1.24.3 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ?pli=1 |