VDB
GCVE-110-MAGEIA-2022-356
GCVE-110-MAGEIA-2022-356
Advisory Published
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can
cause a denial of service because an HTTP/2 connection can hang during
closing if shutdown were preempted by a fatal error. (CVE-2022-27664)
JoinPath and URL.JoinPath do not remove ../ path elements appended to a
relative path. For example, JoinPath("https://go.dev", "../go") returns
the URL "https://go.dev/../go", despite the JoinPath documentation
stating that ../ path elements are removed from the result.
(CVE-2022-32190)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | golang | 0 (affected), 1.18.6-1.mga8 (unaffected) | — |
| AWS | connect | — | — |
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.