CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 60 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3693 | — | High | 0.49 | 7.5 | 0.01 | — | Jan 13, 2023 | Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3. |
| CVE-2022-25895 | — | High | 0.49 | 7.5 | 0.01 | — | Dec 21, 2022 | All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. |
| CVE-2022-25931 | — | High | 0.49 | 7.5 | 0.01 | — | Dec 20, 2022 | All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. |
| CVE-2022-25848 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 29, 2022 | This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. |
| CVE-2022-45921 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 28, 2022 | FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. |
| CVE-2022-45388 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 15, 2022 | Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. |
| CVE-2022-42125 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 15, 2022 | Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. |
| CVE-2022-42123 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 15, 2022 | A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious… |
| CVE-2022-37866 | — | High | 0.49 | 7.5 | 0.02 | — | Nov 7, 2022 | When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which… |
| CVE-2022-32287 | — | High | 0.49 | 7.5 | 0.02 | — | Nov 3, 2022 | A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version… |
| CVE-2022-42188 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 18, 2022 | In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. |
| CVE-2022-39296 | — | High | 0.49 | 8.6 | 0.01 | — | Oct 11, 2022 | MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack… |
| CVE-2022-34026 | — | High | 0.49 | 7.5 | 0.01 | — | Sep 22, 2022 | ICEcoder v8.1 allows attackers to execute a directory traversal. |
| CVE-2022-28981 | — | High | 0.49 | 7.5 | 0.01 | — | Sep 22, 2022 | Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. |
| CVE-2022-2265 | — | High | 0.49 | 7.5 | 0.01 | — | Sep 21, 2022 | The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25. |
| CVE-2022-37422 | — | High | 0.49 | 7.5 | 0.01 | — | Aug 18, 2022 | Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. |
| CVE-2022-35410 | — | High | 0.49 | 7.5 | 0.02 | — | Jul 8, 2022 | mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. |
| CVE-2022-23793 | — | High | 0.49 | 7.5 | 0.02 | — | Mar 30, 2022 | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path. |
| CVE-2022-24718 | — | High | 0.49 | 7.6 | 0.01 | — | Mar 1, 2022 | ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known… |
| CVE-2021-23631 | — | High | 0.49 | 7.5 | 0.02 | — | Jan 21, 2022 | This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a… |