Common Weakness Enumeration

CWE-426

Allowed-with-Review

Untrusted Search Path

Abstraction: Base · Status: Stable

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

892 vulnerabilities reference this CWE, most recent first.

GHSA-F5XR-Q66Q-M7V8

Vulnerability from github – Published: 2022-05-14 01:02 – Updated: 2025-04-12 12:55
VLAI
Details

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-01-13T05:59:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka \"DLL Loading Remote Code Execution Vulnerability.\"",
  "id": "GHSA-f5xr-q66q-m7v8",
  "modified": "2025-04-12T12:55:46Z",
  "published": "2022-05-14T01:02:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0016"
    },
    {
      "type": "WEB",
      "url": "https://code.google.com/p/google-security-research/issues/detail?id=555"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39233"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034661"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F69P-JVR2-8J5X

Vulnerability from github – Published: 2023-05-22 15:30 – Updated: 2024-04-04 04:16
VLAI
Details

kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-12T01:15:09Z",
    "severity": "HIGH"
  },
  "details": "kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.",
  "id": "GHSA-f69p-jvr2-8j5x",
  "modified": "2024-04-04T04:16:11Z",
  "published": "2023-05-22T15:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29790"
    },
    {
      "type": "WEB",
      "url": "https://blog.mo60.cn/index.php/archives/kodbox.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F6VC-7QMX-FFW4

Vulnerability from github – Published: 2025-06-02 15:31 – Updated: 2025-12-03 21:30
VLAI
Details

Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12168"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T13:15:20Z",
    "severity": "HIGH"
  },
  "details": "Yandex Telemost for Desktop before 2.7.0\u00a0has a DLL Hijacking Vulnerability because an untrusted search path is used.",
  "id": "GHSA-f6vc-7qmx-ffw4",
  "modified": "2025-12-03T21:30:58Z",
  "published": "2025-06-02T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12168"
    },
    {
      "type": "WEB",
      "url": "https://yandex.com/bugbounty/i/hall-of-fame-products"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F72R-2H5J-7639

Vulnerability from github – Published: 2026-01-28 23:00 – Updated: 2026-02-10 19:56
VLAI
Summary
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
Details

File Read Interface Case Bypass Vulnerability

Vulnerability Name

File Read Interface Case Bypass Vulnerability

Overview

The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protected configuration files.

Impact

  • Read sensitive information in configuration files (e.g., access codes, API Tokens, sync configurations, etc.).
  • Remotely exploitable directly when the service is published without authentication.

Trigger Conditions

  • Running on a case-insensitive file system.
  • The caller can access /api/file/getFile (via CheckAuth or Token injection in published services).

PoC (Generic Example)

After enabling publication:

Request:

POST /api/file/getFile
Content-Type: application/json

{"path":"cOnf/conf.json"}

Expected Result: - Successfully return the content of the configuration file.

Root Cause

Path comparison uses strict case-sensitive string matching, without case normalization or identical file validation.

Fix Recommendations

  • Normalize path casing before comparison (Windows/macOS).
  • Use file-level comparison methods such as os.SameFile.
  • Apply blacklist validation on sensitive paths after case normalization.

Notes

  • Environment identifiers and sensitive information have been removed.

Solution Commit

399a38893e8719968ea2511e177bb53e09973fa6

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.0-20260126094835-d5d10dd41b0c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25992"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-178",
      "CWE-22",
      "CWE-426"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-28T23:00:57Z",
    "nvd_published_at": "2026-02-10T18:16:38Z",
    "severity": "HIGH"
  },
  "details": "# File Read Interface Case Bypass Vulnerability\n## Vulnerability Name\nFile Read Interface Case Bypass Vulnerability\n\n## Overview\nThe `/api/file/getFile` endpoint uses **case-sensitive string equality checks** to block access to sensitive files.\nOn case-insensitive file systems such as **Windows**, attackers can bypass restrictions using mixed-case paths\nand read protected configuration files.\n\n## Impact\n- Read sensitive information in configuration files (e.g., access codes, API Tokens, sync configurations, etc.).\n- Remotely exploitable directly when the service is published without authentication.\n\n## Trigger Conditions\n- Running on a **case-insensitive file system**.\n- The caller can access `/api/file/getFile` (via CheckAuth or Token injection in published services).\n\n## PoC (Generic Example)\nAfter enabling publication:\n\n**Request:**\n```http\nPOST /api/file/getFile\nContent-Type: application/json\n\n{\"path\":\"cOnf/conf.json\"}\n```\n\n**Expected Result:**\n- Successfully return the content of the configuration file.\n\n## Root Cause\nPath comparison uses strict case-sensitive string matching, without case normalization or identical file validation.\n\n## Fix Recommendations\n- Normalize path casing before comparison (Windows/macOS).\n- Use file-level comparison methods such as `os.SameFile`.\n- Apply blacklist validation on sensitive paths **after case normalization**.\n\n## Notes\n- Environment identifiers and sensitive information have been removed.\n\n## Solution Commit\n`399a38893e8719968ea2511e177bb53e09973fa6`",
  "id": "GHSA-f72r-2h5j-7639",
  "modified": "2026-02-10T19:56:53Z",
  "published": "2026-01-28T23:00:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25992"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/commit/1f02650b3892d2ea3896242dd2422c30bda55e11"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal"
}

GHSA-F79W-JPPJ-65WV

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-10T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.",
  "id": "GHSA-f79w-jppj-65wv",
  "modified": "2022-05-13T01:33:12Z",
  "published": "2022-05-13T01:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1487"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140972"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22016505"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041231"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F7W4-66VV-C7CF

Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2022-05-17 00:35
VLAI
Details

Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-3887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-21T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.",
  "id": "GHSA-f7w4-66vv-c7cf",
  "modified": "2022-05-17T00:35:40Z",
  "published": "2022-05-17T00:35:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3887"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rofl0r/proxychains-ng/issues/60"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5#diff-803c5170888b8642f2a97e5e9423d399"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147013"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rofl0r/proxychains-ng/blob/v4.9/README#L56"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/05/13/11"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74648"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F7XV-MWMJ-X7P9

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:56Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability",
  "id": "GHSA-f7xv-mwmj-x7p9",
  "modified": "2024-01-09T18:30:29Z",
  "published": "2024-01-09T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21325"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21325"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F85M-3JQ8-C2M2

Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03
VLAI
Details

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-07T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.",
  "id": "GHSA-f85m-3jq8-c2m2",
  "modified": "2022-05-14T02:03:30Z",
  "published": "2022-05-14T02:03:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0624"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN06813756/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8MP-VJ46-CQ8V

Vulnerability from github – Published: 2026-03-03 19:52 – Updated: 2026-03-25 18:44
VLAI
Summary
OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment
Details

The shell environment fallback path could invoke an attacker-controlled shell when SHELL was inherited from an untrusted host environment. In affected builds, shell-env loading used $SHELL -l -c 'env -0' without validating that SHELL points to a trusted executable.

In threat-model terms, this requires local environment compromise or untrusted startup environment injection first; it is not a remote pre-auth path. The hardening patch validates SHELL as an absolute normalized executable, prefers /etc/shells, applies trusted-prefix fallback checks, and falls back safely to /bin/sh when validation fails. The dangerous env-var policy now also blocks SHELL overrides.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.21-2
  • Latest published vulnerable version: 2026.2.21-2
  • Patched versions (planned next release): >= 2026.2.22

Fix Commit(s)

  • 25e89cc86338ef475d26be043aa541dfdb95e52a

Release Process Note

The advisory pre-sets patched_versions to the planned next release (2026.2.22). After that npm release is published, maintainers can publish this advisory without further version-field edits.

OpenClaw thanks @athuljayaram for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T19:52:45Z",
    "nvd_published_at": "2026-03-19T22:16:38Z",
    "severity": "HIGH"
  },
  "details": "The shell environment fallback path could invoke an attacker-controlled shell when `SHELL` was inherited from an untrusted host environment. In affected builds, shell-env loading used `$SHELL -l -c \u0027env -0\u0027` without validating that `SHELL` points to a trusted executable.\n\nIn threat-model terms, this requires local environment compromise or untrusted startup environment injection first; it is not a remote pre-auth path. The hardening patch validates `SHELL` as an absolute normalized executable, prefers `/etc/shells`, applies trusted-prefix fallback checks, and falls back safely to `/bin/sh` when validation fails. The dangerous env-var policy now also blocks `SHELL` overrides.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.2.21-2`\n- Latest published vulnerable version: `2026.2.21-2`\n- Patched versions (planned next release): `\u003e= 2026.2.22`\n\n## Fix Commit(s)\n- `25e89cc86338ef475d26be043aa541dfdb95e52a`\n\n## Release Process Note\nThe advisory pre-sets `patched_versions` to the planned next release (`2026.2.22`). After that npm release is published, maintainers can publish this advisory without further version-field edits.\n\nOpenClaw thanks @athuljayaram for reporting.",
  "id": "GHSA-f8mp-vj46-cq8v",
  "modified": "2026-03-25T18:44:27Z",
  "published": "2026-03-03T19:52:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f8mp-vj46-cq8v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32032"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/25e89cc86338ef475d26be043aa541dfdb95e52a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-shell-execution-via-unvalidated-shell-environment-variable"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw\u0027s shell env fallback trusts unvalidated SHELL path from host environment"
}

GHSA-F8XF-HH25-83G3

Vulnerability from github – Published: 2024-03-06 12:30 – Updated: 2024-03-06 12:30
VLAI
Details

This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-06T12:15:45Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.\n",
  "id": "GHSA-f8xf-hh25-83g3",
  "modified": "2024-03-06T12:30:29Z",
  "published": "2024-03-06T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25103"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0081"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.

Mitigation
Implementation

When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.

Mitigation
Implementation

Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.

Mitigation
Implementation

Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.

Mitigation
Implementation

Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths

This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.