VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 151 of 275
  • CVE-2025-14698MedDec 15, 2025
    risk 0.29cvss 4.4epss 0.00

    A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched locally. The exploit has…

  • CVE-2025-6278MedJun 19, 2025
    risk 0.29cvss 5.5epss 0.01

    A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and…

  • CVE-2025-6167MedJun 17, 2025
    risk 0.29cvss 5.5epss 0.01

    A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this…

  • CVE-2025-22241MedJun 13, 2025
    risk 0.29cvss 5.6epss 0.00

    File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization…

  • CVE-2024-24043MedMar 19, 2024
    risk 0.29cvss 5.5epss 0.00

    Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.

  • CVE-2023-43616MedSep 20, 2023
    risk 0.29cvss 5.5epss 0.00

    An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.

  • CVE-2023-41057MedSep 4, 2023
    risk 0.29cvss 5.5epss 0.00

    hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be…

  • CVE-2023-37476MedJul 17, 2023
    risk 0.29cvss 5.5epss 0.01

    OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all…

  • CVE-2023-0591MedJan 31, 2023
    risk 0.29cvss 5.5epss 0.00

    ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact…

  • CVE-2020-36651MedJan 18, 2023
    risk 0.29cvss 5.5epss 0.01

    A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is…

  • CVE-2015-10030MedJan 8, 2023
    risk 0.29cvss 5.5epss 0.01

    A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this…

  • CVE-2020-36629MedDec 25, 2022
    risk 0.29cvss 5.5epss 0.01

    A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the…

  • CVE-2022-4065MedNov 19, 2022
    risk 0.29cvss 5.5epss 0.01

    A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The…

  • CVE-2022-0436MedApr 12, 2022
    risk 0.29cvss 5.5epss 0.01

    Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

  • CVE-2022-23409MedJan 31, 2022
    risk 0.29cvss 4.9epss 0.14

    The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.

  • CVE-2021-41087MedSep 21, 2021
    risk 0.29cvss 5.6epss 0.00

    in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass…

  • CVE-2021-23423MedAug 16, 2021
    risk 0.29cvss 5.5epss 0.01

    This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output.

  • CVE-2021-26028MedMar 4, 2021
    risk 0.29cvss 5.5epss 0.01

    An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.

  • CVE-2019-10743MedOct 29, 2019
    risk 0.29cvss 5.5epss 0.07

    All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target…

  • CVE-2019-18393MedOct 24, 2019
    risk 0.29cvss 5.3epss 0.14

    PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.