CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 104 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47467 | — | Med | 0.42 | 6.5 | 0.01 | Nov 22, 2023 | Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | |
| CVE-2023-6015 | Hig | 0.42 | 7.5 | 0.04 | Nov 16, 2023 | MLflow allowed arbitrary files to be PUT onto the server. | ||
| CVE-2023-5245 | Hig | 0.42 | 7.5 | 0.01 | Nov 15, 2023 | FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the… | ||
| CVE-2023-34062 | — | Hig | 0.42 | 7.5 | 0.01 | Nov 15, 2023 | In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP… | |
| CVE-2023-46119 | Hig | 0.42 | 7.5 | 0.01 | Oct 25, 2023 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1. | ||
| CVE-2022-4244 | Hig | 0.42 | 7.5 | 0.01 | Sep 25, 2023 | A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file… | ||
| CVE-2023-4914 | — | Hig | 0.42 | 7.5 | 0.01 | Sep 12, 2023 | Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. | |
| CVE-2023-40828 | — | Hig | 0.42 | 7.5 | 0.01 | Aug 28, 2023 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. | |
| CVE-2023-40827 | — | Hig | 0.42 | 7.5 | 0.01 | Aug 28, 2023 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. | |
| CVE-2023-40274 | — | Hig | 0.42 | 7.5 | 0.01 | Aug 14, 2023 | An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of… | |
| CVE-2023-37896 | Hig | 0.42 | 7.5 | 0.01 | Aug 4, 2023 | Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading… | ||
| CVE-2023-3813 | Hig | 0.42 | 7.5 | 0.01 | Jul 21, 2023 | The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The… | ||
| CVE-2023-37960 | Med | 0.42 | 6.5 | 0.01 | Jul 12, 2023 | Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | ||
| CVE-2023-36827 | Hig | 0.42 | 7.5 | 0.01 | Jul 5, 2023 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version… | ||
| CVE-2023-29159 | Hig | 0.42 | 7.5 | 0.02 | Jun 1, 2023 | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. | ||
| CVE-2023-32309 | Hig | 0.42 | 7.5 | 0.02 | May 15, 2023 | PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--"/etc/passwd"` or `--8<--"/proc/self/environ"` the content of these files will… | ||
| CVE-2023-30172 | — | Hig | 0.42 | 7.5 | 0.01 | May 11, 2023 | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | |
| CVE-2023-30620 | Hig | 0.42 | 7.5 | 0.01 | Apr 21, 2023 | mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended… | ||
| CVE-2022-3162 | Med | 0.42 | 6.5 | 0.01 | Mar 1, 2023 | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+… | ||
| CVE-2022-25936 | — | Hig | 0.42 | 7.5 | 0.01 | Jan 30, 2023 | Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. |
- risk 0.42cvss 6.5epss 0.01
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
- risk 0.42cvss 7.5epss 0.04
MLflow allowed arbitrary files to be PUT onto the server.
- risk 0.42cvss 7.5epss 0.01
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the…
- risk 0.42cvss 7.5epss 0.01
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP…
- risk 0.42cvss 7.5epss 0.01
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.
- risk 0.42cvss 7.5epss 0.01
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file…
- risk 0.42cvss 7.5epss 0.01
Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.
- risk 0.42cvss 7.5epss 0.01
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
- risk 0.42cvss 7.5epss 0.01
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of…
- risk 0.42cvss 7.5epss 0.01
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading…
- risk 0.42cvss 7.5epss 0.01
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The…
- risk 0.42cvss 6.5epss 0.01
Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.
- risk 0.42cvss 7.5epss 0.01
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version…
- risk 0.42cvss 7.5epss 0.02
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
- risk 0.42cvss 7.5epss 0.02
PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--"/etc/passwd"` or `--8<--"/proc/self/environ"` the content of these files will…
- risk 0.42cvss 7.5epss 0.01
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
- risk 0.42cvss 7.5epss 0.01
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended…
- risk 0.42cvss 6.5epss 0.01
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+…
- risk 0.42cvss 7.5epss 0.01
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.