VYPR

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Class | Draft

Description

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-219

CVEs mapped to this weakness (65)

page 4 of 4
  • CVE-2020-8553 | Jul 29, 2020
    risk 0.00 | cvss | epss 0.01

    The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a…

  • CVE-2020-5296 | Jun 3, 2020
    risk 0.00 | cvss | epss 0.01

    In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the…

  • CVE-2020-5297 | Jun 3, 2020
    risk 0.00 | cvss | epss 0.01

    In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an…

  • CVE-2019-14905 | Mar 31, 2020
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename…

  • CVE-2017-16088 | Critical | Jun 7, 2018
    risk 0.00 | cvss 10.0 | epss 0.03

    The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.