CVE-2022-32190
CVE Details
Last Update
10/14/24
NIST CVE Summary
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette Enterprise 4.5.3
- Palette VerteX 4.5.3
Revision History
- 1.0 10/14/24 Initial Publication
- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products