Back to bug 2203008
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-05-11 03:55:53 UTC | CC | amctagga, aoconnor, asm, bniver, bodavis, dbenoit, emachado, flucifre, gmeno, mbenjamin, mhackett, mnewsome, sipoyare, sostapov, tstellar, vereddy | |
| TEJ RATHI | 2023-05-11 04:09:38 UTC | CC | abishop, alakatos, ansmith, apevec, aveerama, bbaude, bbuckingham, bcl, bcourt, chazlett, cwelton, davidn, dcadzow, debarshir, desktop-qa-list, dkenigsb, dsimansk, dwalsh, eglynn, ehelms, ellin, epacific, fdeutsch, grafana-maint, jaharrin, jburrell, jcammara, jeder, jhardy, jjoyce, jkurik, jligon, jneedle, jnovy, jobarker, joelsmith, jsherril, lball, lhh, lsm5, lzap, mabashia, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mmagr, mokumar, myarboro, nathans, nbecker, nmoumoul, nobody, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, pcreech, pehunt, pjindal, pthomas, rchan, rgarg, rhcos-sst, rhos-maint, rhuss, rrajasek, rsroka, saroy, scorneli, scox, sgott, shbose, simaishi, skontopo, smcdonal, smullick, spower, teagle, tsweeney, ubhargav, umohnani, vkareh, vrothber, yguenane, zsadeh | |
| TEJ RATHI | 2023-05-11 04:09:55 UTC | CC | aazores, amasferr, bdettelb, dymurray, eaguilar, ebaron, gparvin, ibolton, jcantril, jkang, jkoehler, jmatthew, jmontleo, jpallich, lmadsen, mkudlej, mrajanna, mrunge, mwringe, nboldt, njean, owatkins, pahickey, periklis, rjohnson, sfroberg, slucidi, sseago, stcannon, tjochec, whayutin | |
| TEJ RATHI | 2023-05-11 04:10:31 UTC | CC | jwendell, rcernich, twalsh | |
| Avinash Hanwate | 2023-05-11 07:44:54 UTC | CC | dfreiber, rogbas, vkumar | |
| Doc Text | Go could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests by the filepath.Clean on Windows package. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||
| RaTasha Tillery-Smith | 2023-05-11 11:49:02 UTC | Doc Text | Go could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests by the filepath.Clean on Windows package. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | A flaw was found in Go, where it could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests by the filepath.Clean on Windows package. This flaw allows an attacker to send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. |
| Victor Kareh | 2023-05-11 12:51:34 UTC | CC | vkareh | |
| Red Hat Bugzilla | 2023-05-15 18:03:55 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-05-15 18:50:42 UTC | CC | dcadzow | |
| Red Hat Bugzilla | 2023-05-16 09:27:33 UTC | CC | mokumar | |
| Avinash Hanwate | 2023-05-17 07:18:31 UTC | Fixed In Version | Go 1.20.1, Go 1.19.6 | |
| errata-xmlrpc | 2023-05-30 20:14:13 UTC | Link ID | Red Hat Product Errata RHSA-2023:3304 | |
| Product Security DevOps Team | 2023-05-31 01:13:36 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2023-05-31 01:13:36 UTC | |||
| errata-xmlrpc | 2023-06-07 02:02:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:3366 | |
| Nick Tait | 2023-08-10 01:30:51 UTC | Flags | needinfo?(tsweeney) | |
| Tom Sweeney | 2023-08-10 21:43:28 UTC | Flags | needinfo?(tsweeney) |
Back to bug 2203008