VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 105 of 275
  • CVE-2022-25882HigJan 26, 2023
    risk 0.42cvss 7.5epss 0.02

    Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"

  • CVE-2020-36559HigDec 27, 2022
    risk 0.42cvss 7.5epss 0.01

    Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

  • CVE-2019-25073HigDec 27, 2022
    risk 0.42cvss 7.5epss 0.01

    Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.

  • CVE-2022-34662MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.01

    When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher

  • CVE-2022-3389HigOct 6, 2022
    risk 0.42cvss 7.5epss 0.01

    Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.

  • CVE-2022-40082HigSep 28, 2022
    risk 0.42cvss 7.5epss 0.01

    Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.

  • CVE-2022-39261HigSep 28, 2022
    risk 0.42cvss 7.5epss 0.01

    Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read…

  • CVE-2022-37423HigAug 12, 2022
    risk 0.42cvss 7.5epss 0.01

    Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.

  • CVE-2022-31163HigJul 22, 2022
    risk 0.42cvss 7.5epss 0.02

    TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the…

  • CVE-2022-34179HigJun 23, 2022
    risk 0.42cvss 7.5epss 0.02

    Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without…

  • CVE-2022-34177HigJun 23, 2022
    risk 0.42cvss 7.5epss 0.01

    Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related…

  • CVE-2022-25856HigJun 17, 2022
    risk 0.42cvss 7.5epss 0.02

    The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link…

  • CVE-2022-24278HigJun 10, 2022
    risk 0.42cvss 7.5epss 0.02

    The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.

  • CVE-2022-23082HigMay 31, 2022
    risk 0.42cvss 7.5epss 0.01

    In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

  • CVE-2022-30428HigMay 25, 2022
    risk 0.42cvss 7.5epss 0.01

    In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.

  • CVE-2022-30427HigMay 25, 2022
    risk 0.42cvss 7.5epss 0.01

    In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.

  • CVE-2022-30948HigMay 17, 2022
    risk 0.42cvss 7.5epss 0.01

    Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

  • CVE-2022-30947HigMay 17, 2022
    risk 0.42cvss 7.5epss 0.01

    Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

  • CVE-2022-1554HigMay 3, 2022
    risk 0.42cvss 7.5epss 0.01

    Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.

  • CVE-2022-24897HigMay 2, 2022
    risk 0.42cvss 7.5epss 0.01

    APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations…