Q0Jt

**Name of the Vulnerable Software and Affected Versions** go.dev (affected versions not specified) **Description** The issue concerns the JoinPath and URL.JoinPath functions, which do not remove ../ path elements appended to a relative path as expected. This is contrary to the documentation, which states that ../ path elements should be removed from the result. For instance, JoinPath("https://go.dev", "../go") returns "https://go.dev/../go". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.