Version: latest

CVE-2022-32190

CVE Details

CVE-2022-32190

Last Update

10/14/24

NIST CVE Summary

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

Palette Enterprise 4.5.3
Palette VerteX 4.5.3

Revision History

1.0 10/14/24 Initial Publication
2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products

CVE Details​

Last Update​

NIST CVE Summary​

Our Official Summary​

CVE Severity​

Status​

Affected Products & Versions​

Revision History​