VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 92 of 275
  • CVE-2024-49770HigNov 1, 2024
    risk 0.43cvss epss 0.01

    `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by…

  • CVE-2024-47309MedOct 5, 2024
    risk 0.43cvss 6.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce cities-shipping-zones-for-woocommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a…

  • CVE-2024-38816HigSep 13, 2024
    risk 0.43cvss 7.5epss 0.15

    Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the…

  • CVE-2024-43373HigAug 15, 2024
    risk 0.43cvss 7.7epss 0.00

    webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction…

  • CVE-2024-22232HigJun 27, 2024
    risk 0.43cvss 7.7epss 0.01

    A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

  • CVE-2024-2928HigJun 6, 2024
    risk 0.43cvss 7.5epss 0.22

    A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as…

  • CVE-2024-23772MedApr 30, 2024
    risk 0.43cvss 6.6epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT…

  • CVE-2024-31457HigApr 9, 2024
    risk 0.43cvss 7.7epss 0.01

    gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the…

  • CVE-2023-6583MedJan 11, 2024
    risk 0.43cvss 6.6epss 0.01

    The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to…

  • CVE-2020-36728MedJun 7, 2023
    risk 0.43cvss 6.5epss 0.03

    The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.

  • CVE-2022-36035HigAug 31, 2022
    risk 0.43cvss 7.7epss 0.00

    Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The…

  • CVE-2022-24348HigFeb 4, 2022
    risk 0.43cvss 7.7epss 0.03

    Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

  • CVE-2021-43831HigDec 15, 2021
    risk 0.43cvss 7.7epss 0.04

    Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio…

  • CVE-2021-41279HigNov 26, 2021
    risk 0.43cvss 7.7epss 0.02

    BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be…

  • CVE-2021-40978HigOct 7, 2021
    risk 0.43cvss 7.5epss 0.15

    The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and…

  • CVE-2020-26279HigMar 24, 2021
    risk 0.43cvss 7.7epss 0.02

    go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be…

  • CVE-2021-3223HigJan 26, 2021
    risk 0.43cvss 7.5epss 0.18

    Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.

  • CVE-2021-21272HigJan 25, 2021
    risk 0.43cvss 7.7epss 0.01

    ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature…

  • CVE-2019-16777HigDec 13, 2019
    risk 0.43cvss 7.7epss 0.02

    Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any…

  • CVE-2019-16776HigDec 13, 2019
    risk 0.43cvss 7.7epss 0.03

    Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher…