VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 104 of 275
  • CVE-2023-47467MedNov 22, 2023
    risk 0.42cvss 6.5epss 0.01

    Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.

  • CVE-2023-6015HigNov 16, 2023
    risk 0.42cvss 7.5epss 0.04

    MLflow allowed arbitrary files to be PUT onto the server.

  • CVE-2023-5245HigNov 15, 2023
    risk 0.42cvss 7.5epss 0.01

    FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the…

  • CVE-2023-34062HigNov 15, 2023
    risk 0.42cvss 7.5epss 0.01

    In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP…

  • CVE-2023-46119HigOct 25, 2023
    risk 0.42cvss 7.5epss 0.01

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.

  • CVE-2022-4244HigSep 25, 2023
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file…

  • CVE-2023-4914HigSep 12, 2023
    risk 0.42cvss 7.5epss 0.01

    Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.

  • CVE-2023-40828HigAug 28, 2023
    risk 0.42cvss 7.5epss 0.01

    An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.

  • CVE-2023-40827HigAug 28, 2023
    risk 0.42cvss 7.5epss 0.01

    An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.

  • CVE-2023-40274HigAug 14, 2023
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of…

  • CVE-2023-37896HigAug 4, 2023
    risk 0.42cvss 7.5epss 0.01

    Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading…

  • CVE-2023-3813HigJul 21, 2023
    risk 0.42cvss 7.5epss 0.01

    The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The…

  • CVE-2023-37960MedJul 12, 2023
    risk 0.42cvss 6.5epss 0.01

    Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.

  • CVE-2023-36827HigJul 5, 2023
    risk 0.42cvss 7.5epss 0.01

    Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version…

  • CVE-2023-29159HigJun 1, 2023
    risk 0.42cvss 7.5epss 0.02

    Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

  • CVE-2023-32309HigMay 15, 2023
    risk 0.42cvss 7.5epss 0.02

    PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--"/etc/passwd"` or `--8<--"/proc/self/environ"` the content of these files will…

  • CVE-2023-30172HigMay 11, 2023
    risk 0.42cvss 7.5epss 0.01

    A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

  • CVE-2023-30620HigApr 21, 2023
    risk 0.42cvss 7.5epss 0.01

    mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended…

  • CVE-2022-3162MedMar 1, 2023
    risk 0.42cvss 6.5epss 0.01

    Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+…

  • CVE-2022-25936HigJan 30, 2023
    risk 0.42cvss 7.5epss 0.01

    Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.