VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 125 of 275
  • CVE-2021-32633MedMay 21, 2021
    risk 0.37cvss 6.8epss 0.02

    Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through…

  • CVE-2021-21284MedFeb 2, 2021
    risk 0.37cvss 6.8epss 0.01

    In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host…

  • CVE-2018-1000161MedApr 18, 2018
    risk 0.37cvss 5.7epss 0.01

    nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script…

  • CVE-2017-15532MedDec 20, 2017
    risk 0.37cvss 5.7epss 0.01

    Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to…

  • CVE-2017-12285MedOct 19, 2017
    risk 0.37cvss 5.3epss 0.37

    A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform…

  • CVE-2017-11348MedJul 17, 2017
    risk 0.37cvss 5.7epss 0.01

    In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.

  • CVE-2016-5941MedFeb 1, 2017
    risk 0.37cvss 5.7epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

  • CVE-2016-2205MedJul 12, 2016
    risk 0.37cvss 5.7epss 0.02

    Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6…

  • CVE-2025-24268MedJun 11, 2026
    risk 0.36cvss 5.5epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.

  • CVE-2026-49219MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue…

  • CVE-2026-34657MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this…

  • CVE-2026-41612MedMay 12, 2026
    risk 0.36cvss 5.5epss 0.01

    Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

  • CVE-2026-6941MedApr 23, 2026
    risk 0.36cvss 6.6epss 0.00

    radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a…

  • CVE-2026-35363MedApr 22, 2026
    risk 0.36cvss 5.6epss 0.00

    A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An…

  • CVE-2019-25577MedMar 21, 2026
    risk 0.36cvss 5.5epss 0.01

    SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or…

  • CVE-2026-21991MedMar 16, 2026
    risk 0.36cvss 5.5epss 0.00

    A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.

  • CVE-2026-21001MedMar 16, 2026
    risk 0.36cvss 5.5epss 0.00

    Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

  • CVE-2026-21000MedMar 16, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

  • CVE-2026-20653MedFeb 11, 2026
    risk 0.36cvss 5.5epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access…

  • CVE-2026-20625MedFeb 11, 2026
    risk 0.36cvss 5.5epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.