The FindInPath function is vulnerable to directory traversal attacks, potentially permitting attackers to execute arbitrary binaries.
This function does not sanitize its plugin parameter, so parameter names containing "../" or other such elements may reference arbitrary locations on the filesystem.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0230" }