x/vulndb: potential Go vuln in github.com/google/fscrypt: CVE-2022-25328

In [CVE-2022-25328](https://github.com/CVEProject/cvelist/tree/575ca99d839a3984901178083aafc296bfdce226/2022/25xxx/CVE-2022-25328.json), the reference URL [github.com/google/fscrypt](github.com/google/fscrypt) (and possibly others) refers to something in Go.
- PR: https://github.com/google/fscrypt/pull/346

```
module: github.com/google/fscrypt
package: fscrypt
description: |
    The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths.  We recommend upgrading to version 0.3.3 or above
cves:
  - CVE-2022-25328
credit: Matthias Gerstner of SUSE
links:
    pr: https://github.com/google/fscrypt/pull/346

```

See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/google/fscrypt: CVE-2022-25328 #248

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/google/fscrypt: CVE-2022-25328 #248

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions