CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 92 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49770 | Hig | 0.43 | — | 0.01 | Nov 1, 2024 | `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by… | ||
| CVE-2024-47309 | Med | 0.43 | 6.6 | 0.01 | Oct 5, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce cities-shipping-zones-for-woocommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a… | ||
| CVE-2024-38816 | Hig | 0.43 | 7.5 | 0.15 | Sep 13, 2024 | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the… | ||
| CVE-2024-43373 | — | Hig | 0.43 | 7.7 | 0.00 | Aug 15, 2024 | webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction… | |
| CVE-2024-22232 | Hig | 0.43 | 7.7 | 0.01 | Jun 27, 2024 | A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem. | ||
| CVE-2024-2928 | Hig | 0.43 | 7.5 | 0.22 | Jun 6, 2024 | A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as… | ||
| CVE-2024-23772 | Med | 0.43 | 6.6 | 0.00 | Apr 30, 2024 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT… | ||
| CVE-2024-31457 | Hig | 0.43 | 7.7 | 0.01 | Apr 9, 2024 | gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the… | ||
| CVE-2023-6583 | Med | 0.43 | 6.6 | 0.01 | Jan 11, 2024 | The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to… | ||
| CVE-2020-36728 | Med | 0.43 | 6.5 | 0.03 | Jun 7, 2023 | The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site. | ||
| CVE-2022-36035 | Hig | 0.43 | 7.7 | 0.00 | Aug 31, 2022 | Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The… | ||
| CVE-2022-24348 | — | Hig | 0.43 | 7.7 | 0.03 | Feb 4, 2022 | Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. | |
| CVE-2021-43831 | Hig | 0.43 | 7.7 | 0.04 | Dec 15, 2021 | Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio… | ||
| CVE-2021-41279 | Hig | 0.43 | 7.7 | 0.02 | Nov 26, 2021 | BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be… | ||
| CVE-2021-40978 | — | Hig | 0.43 | 7.5 | 0.15 | Oct 7, 2021 | The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and… | |
| CVE-2020-26279 | Hig | 0.43 | 7.7 | 0.02 | Mar 24, 2021 | go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be… | ||
| CVE-2021-3223 | — | Hig | 0.43 | 7.5 | 0.18 | Jan 26, 2021 | Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | |
| CVE-2021-21272 | — | Hig | 0.43 | 7.7 | 0.01 | Jan 25, 2021 | ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature… | |
| CVE-2019-16777 | Hig | 0.43 | 7.7 | 0.02 | Dec 13, 2019 | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any… | ||
| CVE-2019-16776 | Hig | 0.43 | 7.7 | 0.03 | Dec 13, 2019 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher… |
- risk 0.43cvss —epss 0.01
`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by…
- risk 0.43cvss 6.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce cities-shipping-zones-for-woocommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a…
- risk 0.43cvss 7.5epss 0.15
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the…
- risk 0.43cvss 7.7epss 0.00
webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction…
- risk 0.43cvss 7.7epss 0.01
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.
- risk 0.43cvss 7.5epss 0.22
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as…
- risk 0.43cvss 6.6epss 0.00
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT…
- risk 0.43cvss 7.7epss 0.01
gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the…
- risk 0.43cvss 6.6epss 0.01
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to…
- risk 0.43cvss 6.5epss 0.03
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.
- risk 0.43cvss 7.7epss 0.00
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The…
- risk 0.43cvss 7.7epss 0.03
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
- risk 0.43cvss 7.7epss 0.04
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio…
- risk 0.43cvss 7.7epss 0.02
BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be…
- risk 0.43cvss 7.5epss 0.15
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and…
- risk 0.43cvss 7.7epss 0.02
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be…
- risk 0.43cvss 7.5epss 0.18
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
- risk 0.43cvss 7.7epss 0.01
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature…
- risk 0.43cvss 7.7epss 0.02
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any…
- risk 0.43cvss 7.7epss 0.03
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher…