CVE-2022-30636

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-30636

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30636.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-30636

Aliases

GO-2024-2961

Downstream

DEBIAN-CVE-2022-30636

Published

2024-07-02T20:15:05Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/....\asd becomes ....\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.

References

CVE-2022-30636

Affected packages