CWE-23
Relative Path Traversal
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (193)
Page 9 of 10

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8551 | | | 0.00 | — | 0.01 | | Mar 20, 2025 | A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or… |
| CVE-2024-6483 | | — | 0.00 | — | 0.01 | | Mar 20, 2025 | A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata… |
| CVE-2025-27610 | | | 0.00 | — | 0.01 | | Mar 10, 2025 | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The… |
| CVE-2024-47051 | | | 0.00 | — | 0.02 | | Feb 26, 2025 | This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified… |
| CVE-2024-52012 | | | 0.00 | — | 0.43 | | Jan 27, 2025 | Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use… |
| CVE-2024-6985 | | — | 0.00 | — | 0.00 | | Oct 11, 2024 | A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to… |
| CVE-2024-45816 | | | 0.00 | — | 0.01 | | Sep 17, 2024 | Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass… |
| CVE-2021-27916 | | | 0.00 | — | 0.01 | | Sep 17, 2024 | Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or… |
| CVE-2024-43399 | | | 0.00 | — | 0.01 | | Aug 19, 2024 | Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension… |
| CVE-2024-0520 | | | 0.00 | — | 0.02 | | Jun 6, 2024 | A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a… |
| CVE-2024-4330 | | | 0.00 | — | 0.00 | | May 30, 2024 | A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an… |
| CVE-2024-25620 | | | 0.00 | — | 0.01 | | Feb 14, 2024 | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected… |
| CVE-2024-1485 | | | 0.00 | — | 0.01 | | Feb 13, 2024 | A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup… |
| CVE-2024-22415 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating… |
| CVE-2023-5189 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. |
| CVE-2023-46119 | | | 0.00 | — | 0.01 | | Oct 25, 2023 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1. |
| CVE-2023-40026 | | | 0.00 | — | 0.01 | | Sep 27, 2023 | Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the… |
| CVE-2023-4914 | | — | 0.00 | — | 0.01 | | Sep 12, 2023 | Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. |
| CVE-2023-2356 | | | 0.00 | — | 0.04 | | Apr 28, 2023 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. |
| CVE-2022-3162 | | | 0.00 | — | 0.01 | | Mar 1, 2023 | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+… |