VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of Exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
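The description above is abstract, so here is a worked example of the weakness and its fix. This is an added illustration, not code from any of the projects listed on this page; the base directory `/srv/app/uploads`, the file names and the function names are all hypothetical. It contrasts a naive join and a string-prefix check (both of which let input escape the restricted directory) with a containment check that canonicalises the final path before comparing, decodes URL input exactly once, and applies the same check to archive member names (the "zip slip" variant several entries below describe).

```python
"""Added example for CWE-22 (hypothetical code, not from any project on this page).

A path check has to be made on the path the OS will actually open, i.e. after
'..', '.', duplicate separators, absolute-path joins, symlinks and any encoding
layer have all been resolved. The functions below show the usual mistakes and
one correct check. The base directory used throughout is a made-up path.
"""
import os
import urllib.parse


def naive_path(base_dir: str, user_path: str) -> str:
    """Vulnerable: os.path.join discards base_dir entirely when user_path is
    absolute, and '..' segments walk out of base_dir."""
    return os.path.join(base_dir, user_path)


def naive_prefix_check(base_dir: str, user_path: str) -> bool:
    """Also vulnerable: a string prefix test accepts /srv/app/uploads2 for the
    base /srv/app/uploads, because the string starts with the base."""
    target = os.path.normpath(os.path.join(base_dir, user_path))
    return target.startswith(base_dir)


def safe_path(base_dir: str, rel_path: str) -> str:
    """Hardened: canonicalise both base and target, then require that the base
    is a genuine path-component ancestor of the target.

    Raises ValueError on any escape attempt; returns the canonical path."""
    if "\x00" in rel_path:
        # A NUL byte truncates the name in C-based filesystem APIs.
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath resolves '..', '.', '//' and symlinks (for the parts of the
    # path that exist), so the comparison is made on what would really open.
    target = os.path.realpath(os.path.join(base, rel_path))
    # commonpath compares whole components, unlike startswith.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base}: {rel_path!r}")
    return target


def safe_path_from_url(base_dir: str, url_param: str) -> str:
    """Decode a URL parameter exactly once, then check it.

    Decoding twice (or decoding again in a later handler) is the 'double
    decoding' pattern: %252e%252e -> %2e%2e -> .. slips past a check that ran
    on the once-decoded value. Do the single decode and the check together."""
    return safe_path(base_dir, urllib.parse.unquote(url_param))


def safe_archive_member(dest_dir: str, member_name: str) -> str:
    """Archive member names are attacker-controlled just like URL parameters.
    Normalise backslashes (zip entries may carry them; on Windows they are
    separators) and refuse any name that resolves outside dest_dir before
    writing a single byte."""
    return safe_path(dest_dir, member_name.replace("\\", "/"))


def escapes(check, base_dir: str, path: str) -> bool:
    """True when `check` rejects `path` with ValueError (exercises the checks)."""
    try:
        check(base_dir, path)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    BASE = "/srv/app/uploads"  # hypothetical restricted directory
    print("naive join with absolute input ->", naive_path(BASE, "/etc/passwd"))
    print("prefix check passes sibling dir ->",
          naive_prefix_check(BASE, "../uploads2/secret"))
    for label, check, p in [
        ("plain file", safe_path, "reports/q1.txt"),
        ("dot-dot", safe_path, "../../etc/passwd"),
        ("absolute", safe_path, "/etc/passwd"),
        ("sibling prefix", safe_path, "../uploads2/secret"),
        ("encoded dot-dot", safe_path_from_url, "%2e%2e/%2e%2e/etc/passwd"),
        ("double encoded", safe_path_from_url, "%252e%252e/etc/passwd"),
        ("zip slip", safe_archive_member, "..\\..\\etc/cron.d/job"),
    ]:
        print(f"{label:16} rejected={escapes(check, BASE, p)}")
```

The double-encoded input is accepted because, after a single decode, `%2e%2e` is just an odd directory name inside the base; it only becomes `..` if some later layer decodes the string again, which is exactly the situation the check is meant to prevent. Note that `realpath` can only follow symlinks that exist at check time, so on systems where the attacker can create links under the base (for example via an upload or an archive entry) the check must also be repeated, or the write done with `O_NOFOLLOW`, at the moment the file is opened.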

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 239 of 275
  • CVE-2024-1593 · Apr 16, 2024
    risk 0.00 · cvss · epss 0.01

    A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files…

  • CVE-2024-1560 · Apr 16, 2024
    risk 0.00 · cvss · epss 0.01

    A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and…

  • CVE-2024-1728 · Apr 10, 2024
    risk 0.00 · cvss · epss 0.85

    gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating…

  • CVE-2024-31860 · Apr 9, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are…

  • CVE-2024-29196 · Mar 26, 2024
    risk 0.00 · cvss · epss 0.01

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability…

  • CVE-2024-27921 · Mar 21, 2024
    risk 0.00 · cvss · epss 0.61

    Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical…

  • CVE-2024-29180 · Mar 21, 2024
    risk 0.00 · cvss · epss 0.01

    Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for webpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can…

  • CVE-2023-41877 · Mar 20, 2024
    risk 0.00 · cvss · epss 0.01

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for…

  • CVE-2024-27102 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.01

    Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but…

  • CVE-2024-27317 · Mar 12, 2024
    risk 0.00 · cvss · epss 0.57

    In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when…

  • CVE-2024-0818 · Mar 7, 2024
    risk 0.00 · cvss · epss 0.01

    Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

  • CVE-2024-28151 · Mar 6, 2024
    risk 0.00 · cvss · epss 0.01

    Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists,…

  • CVE-2024-22723 · Feb 28, 2024
    risk 0.00 · cvss · epss 0.01

    Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the…

  • CVE-2024-27081 · Feb 26, 2024
    risk 0.00 · cvss · epss 0.02

    ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the…

  • CVE-2024-27318 · Feb 23, 2024
    risk 0.00 · cvss · epss 0.01

    Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass…

  • CVE-2024-26150 · Feb 23, 2024
    risk 0.00 · cvss · epss 0.01

    `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not…

  • CVE-2022-25377 · Feb 22, 2024
    risk 0.00 · cvss · epss 0.01

    The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is…

  • CVE-2024-26129 · Feb 19, 2024
    risk 0.00 · cvss · epss 0.01

    PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.

  • CVE-2023-49508 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.01

    Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.

  • CVE-2024-25620 · Feb 14, 2024
    risk 0.00 · cvss · epss 0.01

    Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected…