🔐 CVE Alert

CVE-2024-45339

HIGH 7.1

Vulnerability when creating log files in github.com/golang/glog

CVSS Score: 7.1
EPSS Score: 0.1%
EPSS Percentile: 23rd

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.
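The symlink behaviour described above, reproduced in a scratch directory. This is an added example, not glog's own code: the file names, `writeLog` and `demo` are constructed for illustration, and `O_EXCL` is shown as one way to get fail-if-exists behaviour when creating a log file.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

const (
	followFlags = os.O_WRONLY | os.O_CREATE | os.O_TRUNC // create-or-truncate: follows an existing symlink
	exclFlags   = os.O_WRONLY | os.O_CREATE | os.O_EXCL  // fails if anything exists at the path, symlinks included
)

// writeLog opens path with the given flags and writes one log line.
func writeLog(path string, flags int) error {
	f, err := os.OpenFile(path, flags, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.WriteString("log line\n")
	return err
}

// demo plants a symlink at the log path (all names constructed) and returns the
// target's content afterwards, plus whether the open was refused as "already exists".
func demo(flags int) (content string, refused bool, err error) {
	dir, err := os.MkdirTemp("", "logdemo")
	if err != nil {
		return "", false, err
	}
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "sensitive.conf")
	logPath := filepath.Join(dir, "app.log.INFO")
	err = errors.Join(os.WriteFile(target, []byte("original"), 0o600), os.Symlink(target, logPath))
	if err != nil {
		return "", false, err
	}
	refused = errors.Is(writeLog(logPath, flags), fs.ErrExist)
	b, err := os.ReadFile(target)
	return string(b), refused, err
}

func main() {
	fmt.Println(demo(followFlags)) // target overwritten through the symlink
	fmt.Println(demo(exclFlags))   // open refused, target intact
}
```

A caller that treats the "already exists" error as fatal gets the exit-on-existing-file behaviour the advisory describes.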

Vendor github.com/golang/glog
Product github.com/golang/glog
Published Jan 28, 2025
Last Updated Apr 30, 2026

Affected Versions

github.com/golang/glog / github.com/golang/glog
0 < 1.2.4

References

github.com: https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2
github.com: https://github.com/golang/glog/pull/74
groups.google.com: https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs
owasp.org: https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File
pkg.go.dev: https://pkg.go.dev/vuln/GO-2025-3372
lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html

Credits

Josh McSavaney, Günther Noack