VDB

GCVE-110-MAGEIA-2022-356

GCVE-110-MAGEIA-2022-356
Advisory Published
Vulnetix · Advisory published October 5, 2022
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. (CVE-2022-27664) JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. (CVE-2022-32190)

Affected Products

VendorProductVersionsPlatforms
Mageiagolang0 (affected), 1.18.6-1.mga8 (unaffected)
AWSconnect

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›