CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 105 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25882 | — | Hig | 0.42 | 7.5 | 0.02 | Jan 26, 2023 | Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" | |
| CVE-2020-36559 | — | Hig | 0.42 | 7.5 | 0.01 | Dec 27, 2022 | Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | |
| CVE-2019-25073 | — | Hig | 0.42 | 7.5 | 0.01 | Dec 27, 2022 | Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory. | |
| CVE-2022-34662 | Med | 0.42 | 6.5 | 0.01 | Nov 1, 2022 | When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher | ||
| CVE-2022-3389 | — | Hig | 0.42 | 7.5 | 0.01 | Oct 6, 2022 | Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. | |
| CVE-2022-40082 | — | Hig | 0.42 | 7.5 | 0.01 | Sep 28, 2022 | Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. | |
| CVE-2022-39261 | Hig | 0.42 | 7.5 | 0.01 | Sep 28, 2022 | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read… | ||
| CVE-2022-37423 | — | Hig | 0.42 | 7.5 | 0.01 | Aug 12, 2022 | Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | |
| CVE-2022-31163 | Hig | 0.42 | 7.5 | 0.02 | Jul 22, 2022 | TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the… | ||
| CVE-2022-34179 | Hig | 0.42 | 7.5 | 0.02 | Jun 23, 2022 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without… | ||
| CVE-2022-34177 | Hig | 0.42 | 7.5 | 0.01 | Jun 23, 2022 | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related… | ||
| CVE-2022-25856 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 17, 2022 | The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link… | |
| CVE-2022-24278 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 10, 2022 | The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. | |
| CVE-2022-23082 | Hig | 0.42 | 7.5 | 0.01 | May 31, 2022 | In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. | ||
| CVE-2022-30428 | — | Hig | 0.42 | 7.5 | 0.01 | May 25, 2022 | In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | |
| CVE-2022-30427 | — | Hig | 0.42 | 7.5 | 0.01 | May 25, 2022 | In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. | |
| CVE-2022-30948 | Hig | 0.42 | 7.5 | 0.01 | May 17, 2022 | Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||
| CVE-2022-30947 | Hig | 0.42 | 7.5 | 0.01 | May 17, 2022 | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||
| CVE-2022-1554 | Hig | 0.42 | 7.5 | 0.01 | May 3, 2022 | Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | ||
| CVE-2022-24897 | Hig | 0.42 | 7.5 | 0.01 | May 2, 2022 | APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations… |
- risk 0.42cvss 7.5epss 0.02
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
- risk 0.42cvss 7.5epss 0.01
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
- risk 0.42cvss 7.5epss 0.01
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.
- risk 0.42cvss 6.5epss 0.01
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher
- risk 0.42cvss 7.5epss 0.01
Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.
- risk 0.42cvss 7.5epss 0.01
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.
- risk 0.42cvss 7.5epss 0.01
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read…
- risk 0.42cvss 7.5epss 0.01
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.
- risk 0.42cvss 7.5epss 0.02
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the…
- risk 0.42cvss 7.5epss 0.02
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without…
- risk 0.42cvss 7.5epss 0.01
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related…
- risk 0.42cvss 7.5epss 0.02
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link…
- risk 0.42cvss 7.5epss 0.02
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
- risk 0.42cvss 7.5epss 0.01
In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.
- risk 0.42cvss 7.5epss 0.01
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.
- risk 0.42cvss 7.5epss 0.01
In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.
- risk 0.42cvss 7.5epss 0.01
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
- risk 0.42cvss 7.5epss 0.01
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
- risk 0.42cvss 7.5epss 0.01
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.
- risk 0.42cvss 7.5epss 0.01
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations…