CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 151 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14698 | Med | 0.29 | 4.4 | 0.00 | Dec 15, 2025 | A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched locally. The exploit has… | ||
| CVE-2025-6278 | Med | 0.29 | 5.5 | 0.01 | Jun 19, 2025 | A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and… | ||
| CVE-2025-6167 | Med | 0.29 | 5.5 | 0.01 | Jun 17, 2025 | A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this… | ||
| CVE-2025-22241 | Med | 0.29 | 5.6 | 0.00 | Jun 13, 2025 | File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization… | ||
| CVE-2024-24043 | Med | 0.29 | 5.5 | 0.00 | Mar 19, 2024 | Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file. | ||
| CVE-2023-43616 | — | Med | 0.29 | 5.5 | 0.00 | Sep 20, 2023 | An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction. | |
| CVE-2023-41057 | — | Med | 0.29 | 5.5 | 0.00 | Sep 4, 2023 | hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be… | |
| CVE-2023-37476 | Med | 0.29 | 5.5 | 0.01 | Jul 17, 2023 | OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all… | ||
| CVE-2023-0591 | Med | 0.29 | 5.5 | 0.00 | Jan 31, 2023 | ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact… | ||
| CVE-2020-36651 | Med | 0.29 | 5.5 | 0.01 | Jan 18, 2023 | A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is… | ||
| CVE-2015-10030 | — | Med | 0.29 | 5.5 | 0.01 | Jan 8, 2023 | A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this… | |
| CVE-2020-36629 | Med | 0.29 | 5.5 | 0.01 | Dec 25, 2022 | A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the… | ||
| CVE-2022-4065 | — | Med | 0.29 | 5.5 | 0.01 | Nov 19, 2022 | A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The… | |
| CVE-2022-0436 | — | Med | 0.29 | 5.5 | 0.01 | Apr 12, 2022 | Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. | |
| CVE-2022-23409 | — | Med | 0.29 | 4.9 | 0.14 | Jan 31, 2022 | The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. | |
| CVE-2021-41087 | — | Med | 0.29 | 5.6 | 0.00 | Sep 21, 2021 | in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass… | |
| CVE-2021-23423 | — | Med | 0.29 | 5.5 | 0.01 | Aug 16, 2021 | This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output. | |
| CVE-2021-26028 | Med | 0.29 | 5.5 | 0.01 | Mar 4, 2021 | An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path. | ||
| CVE-2019-10743 | — | Med | 0.29 | 5.5 | 0.07 | Oct 29, 2019 | All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target… | |
| CVE-2019-18393 | — | Med | 0.29 | 5.3 | 0.14 | Oct 24, 2019 | PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. |
- risk 0.29cvss 4.4epss 0.00
A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched locally. The exploit has…
- risk 0.29cvss 5.5epss 0.01
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and…
- risk 0.29cvss 5.5epss 0.01
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this…
- risk 0.29cvss 5.6epss 0.00
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization…
- risk 0.29cvss 5.5epss 0.00
Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.
- risk 0.29cvss 5.5epss 0.00
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.
- risk 0.29cvss 5.5epss 0.00
hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be…
- risk 0.29cvss 5.5epss 0.01
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all…
- risk 0.29cvss 5.5epss 0.00
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact…
- risk 0.29cvss 5.5epss 0.01
A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is…
- risk 0.29cvss 5.5epss 0.01
A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this…
- risk 0.29cvss 5.5epss 0.01
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the…
- risk 0.29cvss 5.5epss 0.01
A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The…
- risk 0.29cvss 5.5epss 0.01
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
- risk 0.29cvss 4.9epss 0.14
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.
- risk 0.29cvss 5.6epss 0.00
in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass…
- risk 0.29cvss 5.5epss 0.01
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output.
- risk 0.29cvss 5.5epss 0.01
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.
- risk 0.29cvss 5.5epss 0.07
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target…
- risk 0.29cvss 5.3epss 0.14
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.