GHSA-xcgv-8mv7-v8c7HighCVSS 7.8

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of...

Published
July 8, 2026
Last Modified
July 8, 2026

🔗 CVE IDs covered (1)

📋 Description

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

🔗 References (6)