VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 238 of 275
  • CVE-2024-36116Jun 19, 2024
    risk 0.00cvss epss 0.01

    Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller…

  • CVE-2024-5154Jun 12, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

  • CVE-2024-5187Jun 6, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any…

  • CVE-2024-3429Jun 6, 2024
    risk 0.00cvss epss 0.28

    A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running…

  • CVE-2024-2928Jun 6, 2024
    risk 0.00cvss epss 0.22

    A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as…

  • CVE-2024-0520Jun 6, 2024
    risk 0.00cvss epss 0.02

    A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a…

  • CVE-2024-5550Jun 6, 2024
    risk 0.00cvss epss 0.01

    In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue…

  • CVE-2024-4881Jun 6, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing…

  • CVE-2024-4941Jun 6, 2024
    risk 0.00cvss epss 0.01

    A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as…

  • CVE-2024-37152Jun 6, 2024
    risk 0.00cvss epss 0.02

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This…

  • CVE-2024-37273Jun 4, 2024
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-5273May 24, 2024
    risk 0.00cvss epss 0.01

    Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the…

  • CVE-2024-3848May 16, 2024
    risk 0.00cvss epss 0.43

    A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the…

  • CVE-2024-34082May 15, 2024
    risk 0.00cvss epss 0.03

    Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret,…

  • CVE-2024-32869Apr 23, 2024
    risk 0.00cvss epss 0.01

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7…

  • CVE-2024-31450Apr 19, 2024
    risk 0.00cvss epss 0.01

    Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are…

  • CVE-2024-1132Apr 17, 2024
    risk 0.00cvss epss 0.02

    A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks.…

  • CVE-2024-3571Apr 16, 2024
    risk 0.00cvss epss 0.02

    langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem,…

  • CVE-2024-1558Apr 16, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that…

  • CVE-2024-1594Apr 16, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to…