AZL-66131

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66131.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-66131

Upstream

CVE-2025-47906

Published

2025-09-18T19:15:37Z

Modified

2026-04-01T05:20:42.231966Z

Summary

CVE-2025-47906 affecting package golang for versions less than 1.24.6-1

Details

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47906

Affected packages

Azure Linux:3 / golang

Package

Name: golang
Purl: pkg:rpm/azure-linux/golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66131.json"