CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 21 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28163 | 0.00 | — | 0.04 | Apr 1, 2021 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that… | |||
| CVE-2021-21479 | — | 0.00 | — | 0.10 | Feb 9, 2021 | In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. | ||
| CVE-2021-21272 | — | 0.00 | — | 0.01 | Jan 25, 2021 | ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature… | ||
| CVE-2021-21602 | 0.00 | — | 0.02 | Jan 13, 2021 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. | |||
| CVE-2020-26277 | — | 0.00 | — | 0.01 | Dec 21, 2020 | DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to… | ||
| CVE-2020-29529 | — | 0.00 | — | 0.03 | Dec 3, 2020 | HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. | ||
| CVE-2020-2026 | 0.00 | — | 0.00 | Jun 10, 2020 | A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This… | |||
| CVE-2020-7653 | — | 0.00 | — | 0.01 | May 29, 2020 | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | ||
| CVE-2020-12265 | — | 0.00 | — | 0.02 | Apr 26, 2020 | The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | ||
| CVE-2019-11251 | 0.00 | — | 0.02 | Feb 3, 2020 | The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp… | |||
| CVE-2019-16775 | 0.00 | — | 0.03 | Dec 13, 2019 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would… | |||
| CVE-2014-1938 | — | 0.00 | — | 0.00 | Nov 21, 2019 | python-rply before 0.7.4 insecurely creates temporary files. | ||
| CVE-2019-18658 | — | 0.00 | — | 0.02 | Nov 12, 2019 | In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as… | ||
| CVE-2012-2945 | — | 0.00 | — | 0.03 | Oct 28, 2019 | Hadoop 1.0.3 contains a symlink vulnerability. | ||
| CVE-2019-18466 | — | 0.00 | — | 0.01 | Oct 28, 2019 | An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that,… | ||
| CVE-2018-20990 | — | 0.00 | — | 0.02 | Aug 26, 2019 | An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. | ||
| CVE-2019-10152 | 0.00 | — | 0.00 | Jul 30, 2019 | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator… | |||
| CVE-2019-13915 | — | 0.00 | — | 0.03 | Jul 18, 2019 | b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink… | ||
| CVE-2019-13173 | — | 0.00 | — | 0.03 | Jul 2, 2019 | fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The… | ||
| CVE-2018-20834 | 0.00 | — | 0.03 | Apr 30, 2019 | A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name… |
- CVE-2021-28163Apr 1, 2021risk 0.00cvss —epss 0.04
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that…
- CVE-2021-21479Feb 9, 2021risk 0.00cvss —epss 0.10
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
- CVE-2021-21272Jan 25, 2021risk 0.00cvss —epss 0.01
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature…
- CVE-2021-21602Jan 13, 2021risk 0.00cvss —epss 0.02
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
- CVE-2020-26277Dec 21, 2020risk 0.00cvss —epss 0.01
DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to…
- CVE-2020-29529Dec 3, 2020risk 0.00cvss —epss 0.03
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
- CVE-2020-2026Jun 10, 2020risk 0.00cvss —epss 0.00
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This…
- CVE-2020-7653May 29, 2020risk 0.00cvss —epss 0.01
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
- CVE-2020-12265Apr 26, 2020risk 0.00cvss —epss 0.02
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
- CVE-2019-11251Feb 3, 2020risk 0.00cvss —epss 0.02
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp…
- CVE-2019-16775Dec 13, 2019risk 0.00cvss —epss 0.03
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would…
- CVE-2014-1938Nov 21, 2019risk 0.00cvss —epss 0.00
python-rply before 0.7.4 insecurely creates temporary files.
- CVE-2019-18658Nov 12, 2019risk 0.00cvss —epss 0.02
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as…
- CVE-2012-2945Oct 28, 2019risk 0.00cvss —epss 0.03
Hadoop 1.0.3 contains a symlink vulnerability.
- CVE-2019-18466Oct 28, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that,…
- CVE-2018-20990Aug 26, 2019risk 0.00cvss —epss 0.02
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
- CVE-2019-10152Jul 30, 2019risk 0.00cvss —epss 0.00
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator…
- CVE-2019-13915Jul 18, 2019risk 0.00cvss —epss 0.03
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink…
- CVE-2019-13173Jul 2, 2019risk 0.00cvss —epss 0.03
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The…
- CVE-2018-20834Apr 30, 2019risk 0.00cvss —epss 0.03
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name…