CVE-2024-27102: Go Safepath Toctou Symlink Escape
A path returned by SafePath() is consumed by a path-based os.* / syscall operation. The validator resolves symlinks once (e.g. via filepath.EvalSymlinks) but the subsequent syscall re-resolves every component, creating a TOCTOU window an attacker can exploit by swapping a symlink between check and use to escape a sandbox root (CVE-2024-27102). Use an atomic
greprules fetch cve-2024-27102-go-safepath-toctou-symlink-escape --engine opengrepDescription
A path returned by SafePath() is consumed by a path-based os.* / syscall operation. The validator resolves symlinks once (e.g. via filepath.EvalSymlinks) but the subsequent syscall re-resolves every component, creating a TOCTOU window an attacker can exploit by swapping a symlink between check and use to escape a sandbox root (CVE-2024-27102). Use an atomic
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.