VYPR

CWE-706

Use of Incorrectly-Resolved Name or Reference

Class · Incomplete

Description

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-159 · CAPEC-177 · CAPEC-48 · CAPEC-641

CVEs mapped to this weakness (49)

page 3 of 3
  • CVE-2024-27292 · Feb 29, 2024
    risk 0.00 · cvss · epss 0.69

    Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version…

  • CVE-2023-34092 · Jun 1, 2023
    risk 0.00 · cvss · epss 0.03

    Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root-path of the application…

  • CVE-2023-28628 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.01

    lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120, `authority-regex` allows an attacker to send malicious URLs to be parsed by `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from…

  • CVE-2023-27561 · Mar 3, 2023
    risk 0.00 · cvss · epss 0.00

    runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this…

  • CVE-2021-39156 · Aug 24, 2021
    risk 0.00 · cvss · epss 0.01

    Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability…

  • CVE-2021-24122 · Jan 14, 2021
    risk 0.00 · cvss · epss 0.23

    When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the…

  • CVE-2020-35894 · Dec 31, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.

  • CVE-2019-19921 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.00

    runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This…

  • CVE-2019-9901 · Apr 25, 2019
    risk 0.00 · cvss · epss 0.03

    Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond…