On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack.
For example, Clean(".\c:") returns "c:".
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0533" }