VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-5hmn-pv5e-aaad

Essentials
Severities (97)
References (28)
Severity details (10)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-5hmn-pv5e-aaad
Aliases	CVE-2022-32190
Summary	JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
Status	Published
Exploitability	0.5
Weighted Severity	7.1
Risk	3.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:0485
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0485
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32190.json
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2022-32190
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=2124668
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
generic_textual	HIGH	https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-32190
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-32190
cvssv3.1	7.5	https://security.gentoo.org/glsa/202209-26
generic_textual	HIGH	https://security.gentoo.org/glsa/202209-26

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32190.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-32190
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://go.dev/cl/423514
		https://go.dev/issue/54385
		https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/
		https://pkg.go.dev/vuln/GO-2022-0988
		https://security.gentoo.org/glsa/202209-26
2124668		https://bugzilla.redhat.com/show_bug.cgi?id=2124668
cpe:2.3:a:golang:go::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go::::::::
cpe:2.3:a:golang:go:1.19.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.19.0:-::::::
cpe:2.3:a:golang:go:1.19.0:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.19.0:beta1::::::
cpe:2.3:a:golang:go:1.19.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.19.0:rc1::::::
cpe:2.3:a:golang:go:1.19.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.19.0:rc2::::::
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
CVE-2022-32190		https://nvd.nist.gov/vuln/detail/CVE-2022-32190
RHSA-2022:7399		https://access.redhat.com/errata/RHSA-2022:7399
RHSA-2022:8634		https://access.redhat.com/errata/RHSA-2022:8634
RHSA-2023:0264		https://access.redhat.com/errata/RHSA-2023:0264
RHSA-2023:0584		https://access.redhat.com/errata/RHSA-2023:0584
RHSA-2023:0693		https://access.redhat.com/errata/RHSA-2023:0693
RHSA-2023:3204		https://access.redhat.com/errata/RHSA-2023:3204
RHSA-2023:3205		https://access.redhat.com/errata/RHSA-2023:3205
RHSA-2023:3613		https://access.redhat.com/errata/RHSA-2023:3613
RHSA-2023:3642		https://access.redhat.com/errata/RHSA-2023:3642
RHSA-2023:3742		https://access.redhat.com/errata/RHSA-2023:3742
RHSA-2024:0485		https://access.redhat.com/errata/RHSA-2024:0485

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:0485

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T14:09:02Z/ Found at https://access.redhat.com/errata/RHSA-2024:0485

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32190.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/golang-announce/c/x49AQzIVX-s

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-32190

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-32190

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202209-26

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.19922
EPSS Score	0.00076
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.