VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 166 of 275
  • CVE-2023-40587MedAug 25, 2023
    risk 0.21cvss 4.3epss 0.01

    Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory…

  • CVE-2023-34238MedJun 8, 2023
    risk 0.21cvss 4.3epss 0.01

    Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby…

  • CVE-2023-2196MedMay 16, 2023
    risk 0.21cvss 4.3epss 0.01

    A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.

  • CVE-2023-29200MedApr 25, 2023
    risk 0.21cvss 4.3epss 0.01

    Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should…

  • CVE-2023-30548MedApr 17, 2023
    risk 0.21cvss 4.3epss 0.01

    gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server…

  • CVE-2022-46959MedJan 23, 2023
    risk 0.21cvss 4.3epss 0.01

    An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.

  • CVE-2023-0290MedJan 18, 2023
    risk 0.21cvss 4.3epss 0.01

    Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the…

  • CVE-2021-3856MedAug 26, 2022
    risk 0.21cvss 4.3epss 0.01

    ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if…

  • CVE-2022-35204MedAug 18, 2022
    risk 0.21cvss 4.3epss 0.01

    Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

  • CVE-2022-25188MedFeb 15, 2022
    risk 0.21cvss 4.3epss 0.01

    Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the…

  • CVE-2022-23113MedJan 12, 2022
    risk 0.21cvss 4.3epss 0.01

    Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

  • CVE-2021-43815MedDec 10, 2021
    risk 0.21cvss 4.3epss 0.02

    Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and…

  • CVE-2021-39208MedSep 16, 2021
    risk 0.21cvss 4.3epss 0.01

    SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in…

  • CVE-2017-18196LowFeb 23, 2018
    risk 0.21cvss 3.3epss 0.00

    Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp…

  • CVE-2015-0269MedMay 26, 2017
    risk 0.21cvss 4.3epss 0.01

    Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

  • CVE-2014-9767MedMay 22, 2016
    risk 0.21cvss 4.3epss 0.05

    Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a…

  • CVE-2026-49009LowMay 27, 2026
    risk 0.20cvss 3.1epss 0.01

    Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.

  • CVE-2026-44298MedMay 8, 2026
    risk 0.20cvss 4.1epss 0.00

    Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files'…

  • CVE-2026-3405LowMar 2, 2026
    risk 0.20cvss 3.1epss 0.01

    A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The attack is considered to have high…

  • CVE-2025-53906MedJul 15, 2025
    risk 0.20cvss 4.1epss 0.01

    Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction.…