Approved changes feed: RSS · Atom
cpe:2.3:a:go_standard_library:os:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Go Standard Library (50bc78d3-15d0-59a4-bc22-a964570e0614) |
|---|---|
| Product | Os (7645c8dd-0dd0-5e27-89f7-936caca8c135) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-27139 |
vulnerable | 2026-06-03 15:18:06.075168 |
FileInfo can escape from a Root in os
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
Published: 2026-03-06T21:28:14.451Z
Updated: 2026-03-09T14:53:58.363Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22873 |
vulnerable | 2026-06-03 14:59:41.687650 |
Improper access to parent directory of root in os
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.
Published: 2026-02-04T23:05:24.803Z
Updated: 2026-02-05T15:03:55.451Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0913 |
vulnerable | 2026-06-03 14:58:33.213990 |
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Published: 2025-06-11T17:17:25.606Z
Updated: 2025-06-11T17:37:52.111Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41720 |
vulnerable | 2026-06-03 14:48:05.892183 |
Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
Published: 2022-12-07T16:11:18.867Z
Updated: 2025-04-23T15:43:46.208Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.