CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 59 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52288 | — | High | 0.49 | 7.5 | 0.01 | — | Jan 13, 2024 | An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files. |
| CVE-2023-50449 | — | High | 0.49 | 7.5 | 0.01 | — | Dec 10, 2023 | JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. |
| CVE-2023-49735 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 30, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key.… |
| CVE-2023-48848 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 28, 2023 | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. |
| CVE-2023-6118 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 23, 2023 | Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1. |
| CVE-2023-45823 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 19, 2023 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of… |
| CVE-2023-45277 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 19, 2023 | Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files. |
| CVE-2023-26152 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 3, 2023 | All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. |
| CVE-2023-41578 | — | High | 0.49 | 7.5 | 0.01 | — | Sep 8, 2023 | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. |
| CVE-2023-40826 | — | High | 0.49 | 7.5 | 0.01 | — | Aug 28, 2023 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. |
| CVE-2023-39141 | — | High | 0.49 | 7.5 | 0.03 | — | Aug 22, 2023 | webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. |
| CVE-2023-39964 | — | High | 0.49 | 7.5 | 0.01 | — | Aug 10, 2023 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`,… |
| CVE-2023-38337 | — | High | 0.49 | 7.5 | 0.01 | — | Jul 14, 2023 | rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project. |
| CVE-2023-35069 | — | High | 0.49 | 7.5 | 0.01 | — | Jul 13, 2023 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal. This issue affects Bullwark: before BLW-2016E-960H. |
| CVE-2023-26126 | — | High | 0.49 | 7.5 | 0.01 | — | May 10, 2023 | All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. |
| CVE-2023-25345 | — | High | 0.49 | 7.5 | 0.01 | — | Mar 15, 2023 | Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags. |
| CVE-2023-26111 | — | High | 0.49 | 7.5 | 0.01 | — | Mar 6, 2023 | All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function. |
| CVE-2022-47762 | — | High | 0.49 | 7.5 | 0.01 | — | Feb 3, 2023 | In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. |
| CVE-2022-21192 | — | High | 0.49 | 7.5 | 0.01 | — | Jan 26, 2023 | All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join(). |
| CVE-2022-47747 | — | High | 0.49 | 7.5 | 0.01 | — | Jan 20, 2023 | kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. |