CVE-2024-8244 | THREATINT

Description

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.

PUBLISHED Reserved 2024-08-27 | Published 2025-08-06 | Updated 2025-11-03 | Assigner Go

Problem types

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Product status

Default status

affected

References

go.dev/issue/70007

pkg.go.dev/vuln/GO-2025-9999

cve.org (CVE-2024-8244)

nvd.nist.gov (CVE-2024-8244)

Download JSON