VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 61 of 275
  • CVE-2021-45712HigDec 26, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.

  • CVE-2021-23797HigDec 17, 2021
    risk 0.49cvss 7.5epss 0.02

    All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.

  • CVE-2021-43775HigNov 23, 2021
    risk 0.49cvss 8.6epss 0.02

    Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute…

  • CVE-2021-39109HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.02

    The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.

  • CVE-2021-23430HigAug 24, 2021
    risk 0.49cvss 7.5epss 0.02

    All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.

  • CVE-2021-30465HigMay 27, 2021
    risk 0.49cvss 8.5epss 0.07

    runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on…

  • CVE-2021-25864HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.09

    node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.

  • CVE-2017-15684HigNov 27, 2020
    risk 0.49cvss 7.5epss 0.02

    Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.

  • CVE-2020-7687HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js.

  • CVE-2020-7686HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function.

  • CVE-2020-7683HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function.

  • CVE-2020-7682HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.

  • CVE-2020-7681HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js.

  • CVE-2020-8214HigJul 20, 2020
    risk 0.49cvss 7.5epss 0.02

    A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.

  • CVE-2020-15779HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.02

    A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.

  • CVE-2020-8161HigJul 2, 2020
    risk 0.49cvss 8.6epss 0.04

    A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

  • CVE-2019-15600HigDec 18, 2019
    risk 0.49cvss 7.5epss 0.03

    A Path traversal exists in http_server which allows an attacker to read arbitrary system files.

  • CVE-2019-15596HigDec 18, 2019
    risk 0.49cvss 7.5epss 0.02

    A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory.

  • CVE-2019-0207HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.03

    Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.

  • CVE-2019-12464HigSep 9, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.