CVE-2022-29583

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions kardianos service package for Go (affected versions not specified)

Description The issue is related to the service windows.go file in the kardianos service package for Go, which omits quoting that is sometimes needed for the execution of a Windows service executable from the intended directory. The validity of this issue has been questioned, and the reporter has requested that it be disputed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Untrusted Search Path

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426CWE-78

Related Identifiers

CVE-2022-29583

GHSA-XM99-6PV5-Q363

Affected Products

Kardianos Service Package

CVE-2022-29583

Weakness Enumeration

Related Identifiers

Affected Products

References · 11