CVE-2026-24137: Unescaped Path Join File Op
Constructing a file path using `filepath.Join` with an unescaped function parameter and passing it to a file operation can lead to directory traversal attacks. Ensure the parameter is sanitized using `url.PathEscape()`, `filepath.Base()`, or explicitly validated to restrict paths to the intended base directory.
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | Go | β
`greprules fetch cve-2026-24137-unescaped-path-join-file-op --engine opengrep`
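The flagged pattern beside two of the remediations named in the description, as an added example (not the rule's own test code). The function names and the `/srv/uploads` base directory are constructed for illustration, and the paths assume a Unix-style separator.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errRejected = errors.New("name does not resolve inside the base directory")

// unsafeJoin is the flagged shape: filepath.Join cleans the result, so ".."
// elements in a caller-supplied name climb out of base.
func unsafeJoin(base, name string) string {
	return filepath.Join(base, name)
}

// containedJoin validates explicitly: join, then require that the cleaned
// result is still relative to base without a leading "..".
func containedJoin(base, name string) (string, error) {
	full := filepath.Join(base, name)
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errRejected
	}
	return full, nil
}

// flatJoin keeps only the last element. filepath.Base can itself return
// "..", "." or the separator, so those results are rejected as well.
func flatJoin(base, name string) (string, error) {
	leaf := filepath.Base(name)
	if leaf == "." || leaf == ".." || leaf == string(filepath.Separator) {
		return "", errRejected
	}
	return filepath.Join(base, leaf), nil
}

func main() {
	base := "/srv/uploads" // constructed sample directory
	for _, name := range []string{"report.txt", "sub/a.txt", "../../etc/passwd", ".."} {
		_, cErr := containedJoin(base, name)
		flat, fErr := flatJoin(base, name)
		fmt.Printf("%q unsafe=%s contained=%v flat=%s %v\n",
			name, unsafeJoin(base, name), cErr, flat, fErr)
	}
}
```

The containment check is lexical: it does not resolve symbolic links that already exist inside the base directory.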