CWE-35
AllowedPath Traversal: '.../...//'
Abstraction: Variant · Status: Incomplete
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
334 vulnerabilities reference this CWE, most recent first.
GHSA-3X3C-PJW5-PJR2
Vulnerability from github – Published: 2023-12-01 00:31 – Updated: 2023-12-01 00:31In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
{
"affected": [],
"aliases": [
"CVE-2023-46690"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-30T22:15:08Z",
"severity": "HIGH"
},
"details": "In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.",
"id": "GHSA-3x3c-pjw5-pjr2",
"modified": "2023-12-01T00:31:00Z",
"published": "2023-12-01T00:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46690"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4586-432G-JMVG
Vulnerability from github – Published: 2026-02-17 21:31 – Updated: 2026-03-11 18:30Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
{
"affected": [],
"aliases": [
"CVE-2025-59793"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-17T19:21:54Z",
"severity": "CRITICAL"
},
"details": "Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn\u0027t properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.",
"id": "GHSA-4586-432g-jmvg",
"modified": "2026-03-11T18:30:25Z",
"published": "2026-02-17T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59793"
},
{
"type": "WEB",
"url": "https://www.rcesecurity.com"
},
{
"type": "WEB",
"url": "https://www.rcesecurity.com/advisories/cve-2025-59793"
},
{
"type": "WEB",
"url": "https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion"
},
{
"type": "WEB",
"url": "https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-485R-PHMQ-84VW
Vulnerability from github – Published: 2025-04-17 00:30 – Updated: 2025-04-17 00:30Overview
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35)
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service.
Impact
This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
{
"affected": [],
"aliases": [
"CVE-2025-24908"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T23:15:45Z",
"severity": "MODERATE"
},
"details": "Overview \n\n\n\n\u00a0\n\n\n\nThe product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \u0027.../...//\u0027 (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) \n\n\n\n\u00a0\n\n\n\nDescription \n\n\n\n\u00a0\n\n\n\nHitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service. \n\n\n\n\u00a0\n\n\n\nImpact \n\n\n\n\u00a0\n\n\n\nThis allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.",
"id": "GHSA-485r-phmq-84vw",
"modified": "2025-04-17T00:30:26Z",
"published": "2025-04-17T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24908"
},
{
"type": "WEB",
"url": "https://support.pentaho.com/hc/en-us/articles/35783399569421--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Path-Traversal-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-24908"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4CCX-55GP-X5QQ
Vulnerability from github – Published: 2024-11-19 00:32 – Updated: 2026-04-01 18:32: Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.
{
"affected": [],
"aliases": [
"CVE-2024-52390"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-18T22:15:08Z",
"severity": "MODERATE"
},
"details": ": Path Traversal: \u0027.../...//\u0027 vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.",
"id": "GHSA-4ccx-55gp-x5qq",
"modified": "2026-04-01T18:32:26Z",
"published": "2024-11-19T00:32:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52390"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/cyan-backup/vulnerability/wordpress-cyan-backup-plugin-2-5-3-arbitrary-file-download-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/cyan-backup/wordpress-cyan-backup-plugin-2-5-3-arbitrary-file-download-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4CH2-HCMC-WJW8
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
{
"affected": [],
"aliases": [
"CVE-2026-52703"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:17:24Z",
"severity": "CRITICAL"
},
"details": "Unauthenticated Path Traversal in FastDup \u003c= 2.7.2 versions.",
"id": "GHSA-4ch2-hcmc-wjw8",
"modified": "2026-06-15T21:30:50Z",
"published": "2026-06-15T21:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52703"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/fastdup/vulnerability/wordpress-fastdup-plugin-2-7-2-path-traversal-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GH8-CR63-898J
Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4.
{
"affected": [],
"aliases": [
"CVE-2025-58972"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-06T16:16:00Z",
"severity": "HIGH"
},
"details": "Path Traversal: \u0027.../...//\u0027 vulnerability in Dmitry V. (CEO of \"UKR Solution\") Barcode Scanner with Inventory \u0026 Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory \u0026 Order Manager: from n/a through \u003c= 1.10.4.",
"id": "GHSA-4gh8-cr63-898j",
"modified": "2026-01-20T15:31:49Z",
"published": "2025-11-06T18:32:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58972"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-10-4-path-traversal-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-10-4-path-traversal-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-10-4-path-traversal-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HJ9-78FP-PPFG
Vulnerability from github – Published: 2025-08-30 03:30 – Updated: 2025-08-30 03:30Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.
{
"affected": [],
"aliases": [
"CVE-2025-4956"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-30T02:15:32Z",
"severity": "MODERATE"
},
"details": "Path Traversal: \u0027.../...//\u0027 vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.",
"id": "GHSA-4hj9-78fp-ppfg",
"modified": "2025-08-30T03:30:25Z",
"published": "2025-08-30T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4956"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/pro-watermark/vulnerability/wordpress-pro-bulk-watermark-plugin-for-wordpress-theme-2-0-path-traversal-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4MRC-W7JH-HX4J
Vulnerability from github – Published: 2024-08-23 21:30 – Updated: 2024-08-23 22:51Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mage-ai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.9.73"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45190"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-23T22:51:35Z",
"nvd_published_at": "2024-08-23T20:15:08Z",
"severity": "MODERATE"
},
"details": "Mage AI allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server due to a path traversal in the \"Pipeline Interaction\" request",
"id": "GHSA-4mrc-w7jh-hx4j",
"modified": "2024-08-23T22:51:35Z",
"published": "2024-08-23T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45190"
},
{
"type": "PACKAGE",
"url": "https://github.com/mage-ai/mage-ai"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/mage-ai-pipeline-interaction-request-remote-arbitrary-file-leak-jfsa-2024-001039605"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Mage AI Path Traversal vulnerability"
}
GHSA-4MV3-RXRJ-2GHR
Vulnerability from github – Published: 2025-09-10 18:30 – Updated: 2025-09-10 18:30Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
{
"affected": [],
"aliases": [
"CVE-2025-43886"
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-10T16:15:37Z",
"severity": "MODERATE"
},
"details": "Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: \u0027.../...//\u0027 vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.",
"id": "GHSA-4mv3-rxrj-2ghr",
"modified": "2025-09-10T18:30:15Z",
"published": "2025-09-10T18:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43886"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000367456/dsa-2025-326-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-52C6-VX83-RC69
Vulnerability from github – Published: 2025-02-04 09:31 – Updated: 2025-02-05 18:34Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.
{
"affected": [],
"aliases": [
"CVE-2025-22205"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-35"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-04T08:15:32Z",
"severity": "HIGH"
},
"details": "Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.",
"id": "GHSA-52c6-vx83-rc69",
"modified": "2025-02-05T18:34:44Z",
"published": "2025-02-04T09:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22205"
},
{
"type": "WEB",
"url": "http://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-gallery"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, the ".../...//" manipulation is useful for bypassing some path traversal protection schemes. If "../" sequences are removed from the ".../...//" string in a sequential fashion (as some regular expression engines and other algorithms operate) the string can collapse into the unsafe "../" value (CWE-182). Removing the first "../" yields "....//" and the second removal yields "../".
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.