VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood of exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 57 of 275
  • CVE-2022-45921 · High · Nov 28, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.

  • CVE-2022-45388 · High · Nov 15, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.

  • CVE-2022-42125 · High · Nov 15, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.

  • CVE-2022-42123 · High · Nov 15, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious…

  • CVE-2022-37866 · High · Nov 7, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which…

  • CVE-2022-32287 · High · Nov 3, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version…

  • CVE-2022-42188 · High · Oct 18, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

  • CVE-2022-39296 · High · Oct 11, 2022
    risk 0.49 · CVSS 8.6 · EPSS 0.01

    MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack…

  • CVE-2022-34026 · High · Sep 22, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    ICEcoder v8.1 allows attackers to execute a directory traversal.

  • CVE-2022-28981 · High · Sep 22, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.

  • CVE-2022-2265 · High · Sep 21, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated path traversal vulnerability. This has been fixed in version 2.1.25.

  • CVE-2022-37422 · High · Aug 18, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.

  • CVE-2022-35410 · High · Jul 8, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.

  • CVE-2022-23793 · High · Mar 30, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.

  • CVE-2022-24718 · High · Mar 1, 2022
    risk 0.49 · CVSS 7.6 · EPSS 0.01

    ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known…

  • CVE-2021-23631 · High · Jan 21, 2022
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a…

  • CVE-2021-45712 · High · Dec 26, 2021
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.

  • CVE-2021-23797 · High · Dec 17, 2021
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.

  • CVE-2021-43775 · High · Nov 23, 2021
    risk 0.49 · CVSS 8.6 · EPSS 0.02

    Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute…

  • CVE-2021-39109 · High · Sep 1, 2021
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.