CWE-427
Uncontrolled Search Path Element
Description
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-38 · CAPEC-471
CVEs mapped to this weakness (377)
Page 19 of 19

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-30167 | 0.00 | — | 0.00 | Jun 3, 2025 | Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow… |
| CVE-2024-10389 | 0.00 | — | 0.00 | Nov 4, 2024 | There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past… |
| CVE-2024-39613 | 0.00 | — | 0.00 | Sep 16, 2024 | Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. |
| CVE-2024-27303 | 0.00 | — | 0.00 | Mar 6, 2024 | electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects electron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec… |
| CVE-2023-31543 | 0.00 | — | 0.01 | Jun 30, 2023 | A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. |
| CVE-2023-0247 | 0.00 | — | 0.00 | Jan 12, 2023 | Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1. |
| CVE-2022-39286 | 0.00 | — | 0.01 | Oct 26, 2022 | Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows… |
| CVE-2021-3840 | 0.00 | — | 0.02 | Nov 12, 2021 | A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPI). MITRE… |
| CVE-2021-36753 | 0.00 | — | 0.00 | Jul 15, 2021 | sharkdp BAT before 0.18.2 executes less.exe from the current working directory. |
| CVE-2021-36376 | 0.00 | — | 0.00 | Jul 13, 2021 | dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory. |
| CVE-2021-28955 | 0.00 | — | 0.02 | Mar 22, 2021 | git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). |
| CVE-2020-27348 | 0.00 | — | 0.01 | Dec 4, 2020 | In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to… |
| CVE-2020-24356 | 0.00 | — | 0.00 | Oct 2, 2020 | `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user.… |
| CVE-2019-3881 | 0.00 | — | 0.01 | Sep 4, 2020 | Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an… |
| CVE-2020-13110 | 0.00 | — | 0.01 | May 16, 2020 | The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. |
| CVE-2005-1632 | 0.00 | — | 0.00 | May 17, 2005 | Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/. |
| CVE-2005-0457 | 0.00 | — | 0.00 | May 2, 2005 | Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. |