CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
Page 235 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52293 | | | 0.00 | — | 0.01 | | Nov 13, 2024 | Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in… |
| CVE-2024-48510 | | | 0.00 | — | 0.02 | | Nov 13, 2024 | Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2024-43440 | | | 0.00 | — | 0.01 | | Nov 7, 2024 | A flaw was found in moodle. A local file may include risks when restoring block backups. |
| CVE-2024-43434 | | | 0.00 | — | 0.01 | | Nov 7, 2024 | The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability. |
| CVE-2024-51751 | | | 0.00 | — | 0.01 | | Nov 6, 2024 | Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to… |
| CVE-2024-10389 | | — | 0.00 | — | 0.00 | | Nov 4, 2024 | There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past… |
| CVE-2024-10005 | | | 0.00 | — | 0.01 | | Oct 30, 2024 | A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. |
| CVE-2024-7774 | | | 0.00 | — | 0.01 | | Oct 29, 2024 | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is… |
| CVE-2024-49766 | | | 0.00 | — | 0.01 | | Oct 25, 2024 | Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended… |
| CVE-2024-48224 | | | 0.00 | — | 0.01 | | Oct 25, 2024 | Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. |
| CVE-2024-49760 | | | 0.00 | — | 0.01 | | Oct 24, 2024 | OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`. But when doing so in versions prior to 3.8.3, it… |
| CVE-2024-47883 | | | 0.00 | — | 0.02 | | Oct 24, 2024 | The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these… |
| CVE-2024-46212 | | — | 0.00 | — | 0.01 | | Oct 16, 2024 | An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. |
| CVE-2024-47877 | | | 0.00 | — | 0.01 | | Oct 11, 2024 | Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then… |
| CVE-2024-6971 | | — | 0.00 | — | 0.00 | | Oct 11, 2024 | A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as… |
| CVE-2024-47868 | | | 0.00 | — | 0.01 | | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting… |
| CVE-2024-47164 | | | 0.00 | — | 0.01 | | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed… |
| CVE-2024-47166 | | | 0.00 | — | 0.00 | | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by… |
| CVE-2024-7037 | | | 0.00 | — | 0.01 | | Oct 9, 2024 | In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially… |
| CVE-2024-9675 | | | 0.00 | — | 0.00 | | Oct 9, 2024 | A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as… |