CWE-26
AllowedPath Traversal: '/dir/../filename'
Abstraction: Variant · Status: Draft
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.
25 vulnerabilities reference this CWE, most recent first.
CVE-2026-46747 (GCVE-0-2026-46747)
Vulnerability from cvelistv5 – Published: 2026-06-09 08:46 – Updated: 2026-06-09 14:37- CWE-26 - Path Traversal: '/dir/../filename'
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:37:00.719840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:37:31.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:54.724Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46747",
"datePublished": "2026-06-09T08:46:54.724Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T14:37:31.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42196 (GCVE-0-2026-42196)
Vulnerability from cvelistv5 – Published: 2026-05-12 20:58 – Updated: 2026-05-13 15:37| URL | Tags |
|---|---|
| https://github.com/codingjoe/django-s3file/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| codingjoe | django-s3file |
Affected:
< 7.0.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T15:03:21.971724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:37:19.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "django-s3file",
"vendor": "codingjoe",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES. Depending on how files are handled, this may lead to confidentiality and integrity issues. This vulnerability is fixed in 7.0.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:58:02.872Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/codingjoe/django-s3file/security/advisories/GHSA-67qg-7284-2277",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/codingjoe/django-s3file/security/advisories/GHSA-67qg-7284-2277"
}
],
"source": {
"advisory": "GHSA-67qg-7284-2277",
"discovery": "UNKNOWN"
},
"title": "django-s3file: Relative path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42196",
"datePublished": "2026-05-12T20:58:02.872Z",
"dateReserved": "2026-04-25T01:53:21.584Z",
"dateUpdated": "2026-05-13T15:37:19.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25575 (GCVE-0-2026-25575)
Vulnerability from cvelistv5 – Published: 2026-02-04 21:54 – Updated: 2026-02-05 17:48| URL | Tags |
|---|---|
| https://github.com/TUM-Dev/NavigaTUM/security/adv… | x_refsource_CONFIRM |
| https://github.com/TUM-Dev/NavigaTUM/pull/2650 | x_refsource_MISC |
| https://github.com/TUM-Dev/NavigaTUM/commit/86f34… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25575",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T17:48:24.024958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:48:31.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/TUM-Dev/NavigaTUM/security/advisories/GHSA-59hj-f48w-hjfm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NavigaTUM",
"vendor": "TUM-Dev",
"versions": [
{
"status": "affected",
"version": "\u003c 86f34c72886a59ec8f1e6c00f78a5ab889a70fd0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying unsanitized file keys containing traversal sequences (e.g., ../../) in the JSON payload, an attacker can escape the intended temporary directory and replace public facing images or fill the server\u0027s storage. This issue has been patched via commit 86f34c7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:54:38.258Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TUM-Dev/NavigaTUM/security/advisories/GHSA-59hj-f48w-hjfm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TUM-Dev/NavigaTUM/security/advisories/GHSA-59hj-f48w-hjfm"
},
{
"name": "https://github.com/TUM-Dev/NavigaTUM/pull/2650",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TUM-Dev/NavigaTUM/pull/2650"
},
{
"name": "https://github.com/TUM-Dev/NavigaTUM/commit/86f34c72886a59ec8f1e6c00f78a5ab889a70fd0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TUM-Dev/NavigaTUM/commit/86f34c72886a59ec8f1e6c00f78a5ab889a70fd0"
}
],
"source": {
"advisory": "GHSA-59hj-f48w-hjfm",
"discovery": "UNKNOWN"
},
"title": "NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25575",
"datePublished": "2026-02-04T21:54:38.258Z",
"dateReserved": "2026-02-03T01:02:46.714Z",
"dateUpdated": "2026-02-05T17:48:31.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53908 (GCVE-0-2025-53908)
Vulnerability from cvelistv5 – Published: 2025-07-16 19:55 – Updated: 2025-07-18 14:21- CWE-26 - Path Traversal: '/dir/../filename'
| URL | Tags |
|---|---|
| https://github.com/rommapp/romm/security/advisori… | x_refsource_CONFIRM |
| https://github.com/rommapp/romm/commit/7c94cb05e7… | x_refsource_MISC |
| https://github.com/rommapp/romm/commit/baa1a97590… | x_refsource_MISC |
| https://github.com/rommapp/romm/blob/4.0.0-beta.2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53908",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T14:21:41.812165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T14:21:44.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "romm",
"vendor": "rommapp",
"versions": [
{
"status": "affected",
"version": "\u003c 3.10.3"
},
{
"status": "affected",
"version": "\u003c 4.0.0-beta.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T19:55:31.608Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3"
},
{
"name": "https://github.com/rommapp/romm/commit/7c94cb05e74ddb6a6af7b82320686c01754e9966",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rommapp/romm/commit/7c94cb05e74ddb6a6af7b82320686c01754e9966"
},
{
"name": "https://github.com/rommapp/romm/commit/baa1a9759079c36e36a9f10c920c46b57d0b6151",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rommapp/romm/commit/baa1a9759079c36e36a9f10c920c46b57d0b6151"
},
{
"name": "https://github.com/rommapp/romm/blob/4.0.0-beta.2/backend/endpoints/raw.py#L31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rommapp/romm/blob/4.0.0-beta.2/backend/endpoints/raw.py#L31"
}
],
"source": {
"advisory": "GHSA-fx9g-xw4j-jwc3",
"discovery": "UNKNOWN"
},
"title": "RomM vulnerable to Authenticated Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53908",
"datePublished": "2025-07-16T19:55:15.844Z",
"dateReserved": "2025-07-11T19:05:23.827Z",
"dateUpdated": "2025-07-18T14:21:44.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25295 (GCVE-0-2025-25295)
Vulnerability from cvelistv5 – Published: 2025-02-14 16:50 – Updated: 2025-03-03 17:26| URL | Tags |
|---|---|
| https://github.com/HumanSignal/label-studio/secur… | x_refsource_CONFIRM |
| https://github.com/HumanSignal/label-studio-sdk/c… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| HumanSignal | label-studio |
Affected:
< 1.0.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25295",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T17:25:58.421040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T17:26:13.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "label-studio",
"vendor": "HumanSignal",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a `download` function on the `label-studio-sdk` python package, which fails to validate file paths when processing image references during task exports. By creating tasks with path traversal sequences in the image field, an attacker can force the application to read files from arbitrary server filesystem locations when exporting projects in any of the mentioned formats. This is authentication-required vulnerability allowing arbitrary file reads from the server filesystem. It may lead to potential exposure of sensitive information like configuration files, credentials, and confidential data. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T16:50:26.336Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-rgv9-w7jp-m23g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-rgv9-w7jp-m23g"
},
{
"name": "https://github.com/HumanSignal/label-studio-sdk/commit/4a9715c6b0b619371e89c09ea8d1c86ce5c880df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HumanSignal/label-studio-sdk/commit/4a9715c6b0b619371e89c09ea8d1c86ce5c880df"
}
],
"source": {
"advisory": "GHSA-rgv9-w7jp-m23g",
"discovery": "UNKNOWN"
},
"title": "Label Studio has a Path Traversal Vulnerability via image Field"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25295",
"datePublished": "2025-02-14T16:50:26.336Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-03-03T17:26:13.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20345 (GCVE-0-2024-20345)
Vulnerability from cvelistv5 – Published: 2024-03-06 16:33 – Updated: 2025-08-26 20:08- CWE-26 - Path Traversal
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco AppDynamics |
Affected:
21.2.0
Affected: 21.2.1 Affected: 21.2.2 Affected: 21.2.3 Affected: 21.2.6 Affected: 21.2.7 Affected: 21.2.8 Affected: 21.4.0 Affected: 21.4.10 Affected: 21.4.11 Affected: 21.4.2 Affected: 21.4.3 Affected: 21.4.4 Affected: 21.4.5 Affected: 21.4.6 Affected: 21.4.7 Affected: 21.4.8 Affected: 21.4.9 Affected: 21.11.0 Affected: 21.5.0 Affected: 21.6.0 Affected: 21.12.0 Affected: 21.12.2 Affected: 21.12.1 Affected: 22.1.0 Affected: 22.1.1 Affected: 22.11.0 Affected: 22.3.0 Affected: 22.10.0 Affected: 22.12.0 Affected: 22.12.1 Affected: 21.7.0 Affected: 22.8.0 Affected: 23.2.0 Affected: 23.4.0 Affected: 23.7.1 Affected: 23.7.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-20345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T16:48:25.947850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T20:08:10.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-appd-traversal-m7N8mZpF",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco AppDynamics",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "21.2.0"
},
{
"status": "affected",
"version": "21.2.1"
},
{
"status": "affected",
"version": "21.2.2"
},
{
"status": "affected",
"version": "21.2.3"
},
{
"status": "affected",
"version": "21.2.6"
},
{
"status": "affected",
"version": "21.2.7"
},
{
"status": "affected",
"version": "21.2.8"
},
{
"status": "affected",
"version": "21.4.0"
},
{
"status": "affected",
"version": "21.4.10"
},
{
"status": "affected",
"version": "21.4.11"
},
{
"status": "affected",
"version": "21.4.2"
},
{
"status": "affected",
"version": "21.4.3"
},
{
"status": "affected",
"version": "21.4.4"
},
{
"status": "affected",
"version": "21.4.5"
},
{
"status": "affected",
"version": "21.4.6"
},
{
"status": "affected",
"version": "21.4.7"
},
{
"status": "affected",
"version": "21.4.8"
},
{
"status": "affected",
"version": "21.4.9"
},
{
"status": "affected",
"version": "21.11.0"
},
{
"status": "affected",
"version": "21.5.0"
},
{
"status": "affected",
"version": "21.6.0"
},
{
"status": "affected",
"version": "21.12.0"
},
{
"status": "affected",
"version": "21.12.2"
},
{
"status": "affected",
"version": "21.12.1"
},
{
"status": "affected",
"version": "22.1.0"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"status": "affected",
"version": "22.11.0"
},
{
"status": "affected",
"version": "22.3.0"
},
{
"status": "affected",
"version": "22.10.0"
},
{
"status": "affected",
"version": "22.12.0"
},
{
"status": "affected",
"version": "22.12.1"
},
{
"status": "affected",
"version": "21.7.0"
},
{
"status": "affected",
"version": "22.8.0"
},
{
"status": "affected",
"version": "23.2.0"
},
{
"status": "affected",
"version": "23.4.0"
},
{
"status": "affected",
"version": "23.7.1"
},
{
"status": "affected",
"version": "23.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T16:33:48.826Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-appd-traversal-m7N8mZpF",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF"
}
],
"source": {
"advisory": "cisco-sa-appd-traversal-m7N8mZpF",
"defects": [
"CSCwh18934"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20345",
"datePublished": "2024-03-06T16:33:48.826Z",
"dateReserved": "2023-11-08T15:08:07.643Z",
"dateUpdated": "2025-08-26T20:08:10.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5866 (GCVE-0-2024-5866)
Vulnerability from cvelistv5 – Published: 2024-07-02 15:58 – Updated: 2024-08-01 21:25- CWE-26 - Path Traversal
| Vendor | Product | Version | |
|---|---|---|---|
| Delinea | Centrify PAS |
Affected:
v. 21.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T18:58:56.437338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:38:36.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Centrify PAS",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "v. 21.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Vladas Bulavas from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch. \u003cbr\u003e"
}
],
"value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T15:58:35.304Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary Directory Listing in Centrify PAS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-5866",
"datePublished": "2024-07-02T15:58:35.304Z",
"dateReserved": "2024-06-11T15:12:47.502Z",
"dateUpdated": "2024-08-01T21:25:03.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5865 (GCVE-0-2024-5865)
Vulnerability from cvelistv5 – Published: 2024-07-02 15:55 – Updated: 2024-08-01 21:25- CWE-26 - Path Traversal
| Vendor | Product | Version | |
|---|---|---|---|
| Delinea | Centrify PAS |
Affected:
v. 21.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T18:08:01.184913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T18:08:10.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Centrify PAS",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "v. 21.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Vladas Bulavas from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch. \u003cbr\u003e"
}
],
"value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T15:55:23.267Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Reading in Centrify PAS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-5865",
"datePublished": "2024-07-02T15:55:23.267Z",
"dateReserved": "2024-06-11T15:11:40.192Z",
"dateUpdated": "2024-08-01T21:25:03.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50255 (GCVE-0-2023-50255)
Vulnerability from cvelistv5 – Published: 2023-12-27 16:16 – Updated: 2024-08-02 22:16| URL | Tags |
|---|---|
| https://github.com/linuxdeepin/developer-center/s… | x_refsource_CONFIRM |
| https://github.com/linuxdeepin/deepin-compressor/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| linuxdeepin | developer-center |
Affected:
< 5.12.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "developer-center",
"vendor": "linuxdeepin",
"versions": [
{
"status": "affected",
"version": "\u003c 5.12.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there\u0027s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T16:16:51.459Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"source": {
"advisory": "GHSA-rw5r-8p9h-3gp2",
"discovery": "UNKNOWN"
},
"title": "Zip Path Traversal in Deepin-Compressor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50255",
"datePublished": "2023-12-27T16:16:51.459Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2024-08-02T22:16:46.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25802 (GCVE-0-2023-25802)
Vulnerability from cvelistv5 – Published: 2023-03-13 19:35 – Updated: 2025-02-25 14:58| URL | Tags |
|---|---|
| https://github.com/hap-wi/roxy-wi/security/adviso… | x_refsource_CONFIRM |
| https://github.com/hap-wi/roxy-wi/commit/0054f25d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m"
},
{
"name": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:13.459785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:58:23.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don\u0027t correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-13T19:35:11.243Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m"
},
{
"name": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67"
}
],
"source": {
"advisory": "GHSA-qcmp-q5h3-784m",
"discovery": "UNKNOWN"
},
"title": "Roxy-WI has Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25802",
"datePublished": "2023-03-13T19:35:11.243Z",
"dateReserved": "2023-02-15T16:34:48.771Z",
"dateUpdated": "2025-02-25T14:58:23.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.