VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 149 of 275
  • CVE-2025-2215MedMar 12, 2025
    risk 0.31cvss 4.7epss 0.01

    A vulnerability classified as critical was found in Doufox up to 0.2.0. Affected by this vulnerability is an unknown functionality of the file /?s=doudou&c=file&a=list. The manipulation of the argument dir leads to path traversal. The attack can be launched remotely. The exploit…

  • CVE-2025-27098MedFeb 20, 2025
    risk 0.31cvss 5.8epss 0.00

    GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file…

  • CVE-2024-27821MedMay 14, 2024
    risk 0.31cvss 4.7epss 0.01

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent.

  • CVE-2024-30254MedApr 4, 2024
    risk 0.31cvss 5.8epss 0.00

    MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp…

  • CVE-2024-26129MedFeb 19, 2024
    risk 0.31cvss 5.8epss 0.01

    PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.

  • CVE-2022-23531MedDec 17, 2022
    risk 0.31cvss 5.8epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary…

  • CVE-2022-23530MedDec 16, 2022
    risk 0.31cvss 5.8epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without…

  • CVE-2021-32643MedMay 27, 2021
    risk 0.31cvss 5.8epss 0.01

    Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F[None]`, indicating no…

  • CVE-2020-36321MedApr 23, 2021
    risk 0.31cvss 5.9epss 0.01

    Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder.

  • CVE-2020-8568MedJan 21, 2021
    risk 0.31cvss 5.8epss 0.01

    Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under…

  • CVE-2018-8889MedSep 19, 2018
    risk 0.31cvss 4.7epss 0.00

    A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.

  • CVE-2018-1000532MedJun 26, 2018
    risk 0.31cvss 4.7epss 0.00

    beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must…

  • CVE-2018-5448MedMay 4, 2018
    risk 0.31cvss 4.8epss 0.01

    Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.

  • CVE-2026-40605MedJun 4, 2026
    risk 0.30cvss epss 0.00

    Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary…

  • CVE-2026-22625MedJan 30, 2026
    risk 0.30cvss 4.6epss 0.00

    Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.

  • CVE-2024-25125MedFeb 14, 2024
    risk 0.30cvss 5.3epss 0.30

    Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This…

  • CVE-2024-24565MedJan 30, 2024
    risk 0.30cvss 5.7epss 0.03

    CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated…

  • CVE-2023-51449MedDec 22, 2023
    risk 0.30cvss 5.6epss 0.02

    Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them…

  • CVE-2023-3348MedAug 3, 2023
    risk 0.30cvss 5.7epss 0.01

    The Wrangler command line tool  (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim…

  • CVE-2022-41231MedSep 21, 2022
    risk 0.30cvss 5.7epss 0.01

    Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.