VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 21 of 41
  • CVE-2021-28163Apr 1, 2021
    risk 0.00cvss epss 0.04

    In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that…

  • CVE-2021-21479Feb 9, 2021
    risk 0.00cvss epss 0.10

    In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.

  • CVE-2021-21272Jan 25, 2021
    risk 0.00cvss epss 0.01

    ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature…

  • CVE-2021-21602Jan 13, 2021
    risk 0.00cvss epss 0.02

    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.

  • CVE-2020-26277Dec 21, 2020
    risk 0.00cvss epss 0.01

    DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to…

  • CVE-2020-29529Dec 3, 2020
    risk 0.00cvss epss 0.03

    HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

  • CVE-2020-2026Jun 10, 2020
    risk 0.00cvss epss 0.00

    A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This…

  • CVE-2020-7653May 29, 2020
    risk 0.00cvss epss 0.01

    All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.

  • CVE-2020-12265Apr 26, 2020
    risk 0.00cvss epss 0.02

    The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.

  • CVE-2019-11251Feb 3, 2020
    risk 0.00cvss epss 0.02

    The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp…

  • CVE-2019-16775Dec 13, 2019
    risk 0.00cvss epss 0.03

    Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would…

  • CVE-2014-1938Nov 21, 2019
    risk 0.00cvss epss 0.00

    python-rply before 0.7.4 insecurely creates temporary files.

  • CVE-2019-18658Nov 12, 2019
    risk 0.00cvss epss 0.02

    In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as…

  • CVE-2012-2945Oct 28, 2019
    risk 0.00cvss epss 0.03

    Hadoop 1.0.3 contains a symlink vulnerability.

  • CVE-2019-18466Oct 28, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that,…

  • CVE-2018-20990Aug 26, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.

  • CVE-2019-10152Jul 30, 2019
    risk 0.00cvss epss 0.00

    A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator…

  • CVE-2019-13915Jul 18, 2019
    risk 0.00cvss epss 0.03

    b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink…

  • CVE-2019-13173Jul 2, 2019
    risk 0.00cvss epss 0.03

    fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The…

  • CVE-2018-20834Apr 30, 2019
    risk 0.00cvss epss 0.03

    A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name…