CVE-2024-8244
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-06

Last updated on: 2025-11-03

Assigner: Go Project

Description
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-06
Last Modified
2025-11-03
Generated
2026-05-06
AI Q&A
2025-08-06
EPSS Evaluated
2026-05-05
NVD
CVE-2024-8244
EUVD
EUVD-2024-54850
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
golang go 1.20
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the filepath.Walk and filepath.WalkDir functions, which are supposed to not follow symbolic links. However, they are vulnerable to a TOCTOU (time of check/time of use) race condition where part of the path being processed can be replaced with a symbolic link during the walk operation, potentially causing unexpected behavior.


How can this vulnerability impact me? :

The vulnerability can lead to unexpected traversal of symbolic links during file path walking, which might allow an attacker to manipulate the file paths being accessed. This could result in unauthorized access to files or directories, potentially leading to security breaches or data exposure.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart