VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
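The description above names the defect (special elements that make a pathname resolve outside the restricted parent) but not the check that prevents it. As an added illustration, not part of the CWE entry or of any product listed on this page, here is a Python `safe_join` that layers a lexical filter on the raw input with a canonical containment check after `realpath()`, then runs a constructed set of inputs through it. The root directory, file names and the `link` symlink are all made up for the example; the `//server/share` case is the UNC form that the Werkzeug entry further down refers to.

```python
import os
import tempfile


class PathTraversalError(ValueError):
    """Raised when an untrusted path would resolve outside the allowed root."""


def safe_join(root, *untrusted):
    """Join attacker-controlled segments onto root, refusing anything that escapes it.

    Two layers: a lexical check on the raw input (cheap, needs no filesystem)
    and a canonical containment check after symlinks and '.'/'..' are resolved.
    Returns the resolved absolute path.
    """
    root_real = os.path.realpath(root)
    for seg in untrusted:
        if "\x00" in seg:
            raise PathTraversalError("NUL byte in path segment")
        # A backslash is an ordinary filename character on POSIX but a separator
        # on Windows; accepting it makes the result depend on the host, so refuse it.
        if "\\" in seg:
            raise PathTraversalError("backslash in path segment")
        # os.path.join discards everything before an absolute segment. Testing the
        # leading slash directly (rather than os.path.isabs) also catches the
        # '//server/share' UNC form that isabs() missed on older Windows Pythons.
        if seg.startswith("/"):
            raise PathTraversalError("absolute path segment")
        # 'C:foo' is drive-relative on Windows; refuse it everywhere for the same reason.
        if len(seg) >= 2 and seg[1] == ":":
            raise PathTraversalError("drive letter in path segment")
        # Any '..' component is an escape attempt, even in 'docs/../../x' where a
        # naive prefix check on the input string would still see 'docs/'.
        if any(part == ".." for part in seg.split("/")):
            raise PathTraversalError("parent-directory component")
    candidate = os.path.join(root_real, *untrusted)
    # realpath() follows symlinks, so a link inside root that points outside is
    # caught here; the lexical layer above cannot see it.
    resolved = os.path.realpath(candidate)
    if os.path.commonpath([root_real, resolved]) != root_real:
        raise PathTraversalError("resolved path escapes root")
    return resolved


def demo_cases():
    """Run representative inputs through safe_join against a throwaway tree.

    Layout (constructed for this example, not taken from any real product):
      root/docs/readme.txt      ordinary file
      root/link -> outside/     symlink that leaves root
      outside/secret.txt
    Returns {input: 'ok' | 'rejected'}.
    """
    tmp = tempfile.mkdtemp()
    root = os.path.join(tmp, "root")
    outside = os.path.join(tmp, "outside")
    os.makedirs(os.path.join(root, "docs"))
    os.makedirs(outside)
    open(os.path.join(root, "docs", "readme.txt"), "w").close()
    open(os.path.join(outside, "secret.txt"), "w").close()
    os.symlink(outside, os.path.join(root, "link"))

    inputs = [
        "docs/readme.txt",           # legitimate
        "docs/./readme.txt",         # harmless '.' component
        "docs//readme.txt",          # doubled separator, still inside root
        "../outside/secret.txt",     # classic dot-dot-slash
        "docs/../../outside/x",      # dips into a subdirectory, then climbs out
        "/etc/passwd",               # absolute path would replace root in os.path.join
        "//server/share/x",          # UNC form
        "..\\outside\\secret.txt",   # backslash variant
        "link/secret.txt",           # lexically clean, physically outside (symlink)
        "docs/readme.txt\x00.png",   # NUL truncation
    ]
    results = {}
    for inp in inputs:
        try:
            safe_join(root, inp)
            results[inp] = "ok"
        except PathTraversalError:
            results[inp] = "rejected"
    return results


if __name__ == "__main__":
    for inp, verdict in demo_cases().items():
        print(f"{verdict:8s} {inp!r}")
```

The two layers are deliberately redundant: the lexical filter gives a clear error for obviously hostile input without touching the disk, while the `realpath()` containment check is the one that actually decides, because only it sees symlinks and the host's own normalization rules. Reject rather than "clean" the input; stripping `../` and re-checking is exactly the pattern that attackers beat with `....//`.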

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 235 of 275
  • CVE-2024-52293 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.01

    Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in…

  • CVE-2024-48510 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.02

    Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2024-43440 · Nov 7, 2024
    risk 0.00 · cvss · epss 0.01

    A flaw was found in moodle. A local file may include risks when restoring block backups.

  • CVE-2024-43434 · Nov 7, 2024
    risk 0.00 · cvss · epss 0.01

    The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.

  • CVE-2024-51751 · Nov 6, 2024
    risk 0.00 · cvss · epss 0.01

    Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to…

  • CVE-2024-10389 · Nov 4, 2024
    risk 0.00 · cvss · epss 0.00

    There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past…

  • CVE-2024-10005 · Oct 30, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

  • CVE-2024-7774 · Oct 29, 2024
    risk 0.00 · cvss · epss 0.01

    A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is…

  • CVE-2024-49766 · Oct 25, 2024
    risk 0.00 · cvss · epss 0.01

    Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended…

  • CVE-2024-48224 · Oct 25, 2024
    risk 0.00 · cvss · epss 0.01

    Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.

  • CVE-2024-49760 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.01

    OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`. But when doing so in versions prior to 3.8.3, it…

  • CVE-2024-47883 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.02

    The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these…

  • CVE-2024-46212 · Oct 16, 2024
    risk 0.00 · cvss · epss 0.01

    An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.

  • CVE-2024-47877 · Oct 11, 2024
    risk 0.00 · cvss · epss 0.01

    Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then…

  • CVE-2024-6971 · Oct 11, 2024
    risk 0.00 · cvss · epss 0.00

    A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as…

  • CVE-2024-47868 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.01

    Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting…

  • CVE-2024-47164 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.01

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed…

  • CVE-2024-47166 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.00

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by…

  • CVE-2024-7037 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.01

    In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially…

  • CVE-2024-9675 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as…
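Several entries on this page (DotNetZip, Safearchive, Extract) are the archive-extraction form of this weakness: the attacker controls entry names inside the archive rather than a request parameter, and a symlink entry extracted first can redirect a later, lexically clean entry outside the destination. As an added example, written for this page and not taken from any of those projects, here is a Python zip extractor that validates every entry against the destination before writing anything, and a helper that constructs three small archives in memory (one benign, one with a `..` entry, one with a symlink followed by a write through it) so the behaviour can be checked offline. Entry names and contents are constructed for the demonstration.

```python
import io
import os
import stat
import tempfile
import zipfile


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive entry would land outside the extraction root."""


def _is_symlink(info):
    # Unix zip tools store the file mode in the high 16 bits of external_attr.
    return stat.S_ISLNK(info.external_attr >> 16)


def validate_entry(dest_real, info):
    """Reject an entry before anything is written. Returns the resolved target path."""
    name = info.filename
    if "\x00" in name or "\\" in name or name.startswith("/"):
        raise UnsafeArchiveEntry(name)
    if any(part == ".." for part in name.split("/")):
        raise UnsafeArchiveEntry(name)
    # Refuse symlinks outright: a link written by one entry can redirect a later,
    # lexically clean entry out of dest, and on a case-insensitive filesystem a
    # link named 'Foo' also captures entries under 'foo/'.
    if _is_symlink(info):
        raise UnsafeArchiveEntry(name)
    # Canonical check: catches pre-existing symlinks under dest as well.
    target = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise UnsafeArchiveEntry(name)
    return target


def safe_extract(zip_bytes, dest):
    """Extract a zip into dest; validates every entry before writing any of them."""
    dest_real = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = [(info, validate_entry(dest_real, info)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def build_zip(entries):
    """Construct an in-memory zip from (name, data, is_symlink) tuples (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, is_link in entries:
            info = zipfile.ZipInfo(name)
            if is_link:
                # Same encoding Unix zip uses for a symlink; the data is the link target.
                info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, data)
    return buf.getvalue()


def demo():
    """Three constructed archives: one benign, two that would escape dest."""
    dest = tempfile.mkdtemp()
    archives = {
        "benign": build_zip([("docs/readme.txt", b"hello", False)]),
        "dotdot": build_zip([("../escaped.txt", b"x", False)]),
        "symlink": build_zip([
            ("link", b"/tmp", True),             # link entry pointing outside dest
            ("link/escaped.txt", b"x", False),   # clean name, but written through the link
        ]),
    }
    results = {}
    for label, blob in archives.items():
        try:
            results[label] = safe_extract(blob, dest)
        except UnsafeArchiveEntry as exc:
            results[label] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:8s} {outcome}")
```

Validating the whole manifest before the first write means a rejected archive leaves no partial output to clean up. The same checks are needed for tar (plus hard-link entries, which can alias a file outside the destination), and none of this defends against another process racing the `realpath()` check; for that, extract into a freshly created private directory or open targets with `O_NOFOLLOW` relative to a directory descriptor.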