Common Weakness Enumeration

CWE-427

Allowed-with-Review

Uncontrolled Search Path Element

Abstraction: Base · Status: Draft

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1786 vulnerabilities reference this CWE, most recent first.

GHSA-M59V-VRFW-F5J3

Vulnerability from github – Published: 2024-05-16 21:32 – Updated: 2024-05-16 21:32
VLAI
Details

Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T21:16:02Z",
    "severity": "MODERATE"
  },
  "details": "Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-m59v-vrfw-f5j3",
  "modified": "2024-05-16T21:32:01Z",
  "published": "2024-05-16T21:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21774"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01054.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M5CV-RQ77-5Q44

Vulnerability from github – Published: 2025-09-10 12:30 – Updated: 2026-01-29 18:31
VLAI
Details

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-10T12:15:32Z",
    "severity": "HIGH"
  },
  "details": "DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the \u0027C:\\Users\\\u003cuser\u003e\\AppData\\Local\\UPDF\\FREngine\\Bin64\\\u0027 directory, which could lead to arbitrary code execution and persistence.",
  "id": "GHSA-m5cv-rq77-5q44",
  "modified": "2026-01-29T18:31:30Z",
  "published": "2025-09-10T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10214"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-updf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M678-F26J-3HRP

Vulnerability from github – Published: 2022-10-26 22:07 – Updated: 2024-09-24 20:39
VLAI
Summary
Execution with Unnecessary Privileges in JupyterApp
Details

Impact

What kind of vulnerability is it? Who is impacted? We’d like to disclose an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in the current working directory. This vulnerability allows one user to run code as another.

Patches

Has the problem been patched? What versions should users upgrade to? Users should upgrade to jupyter_core>=4.11.2.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? No

References

Are there any links users can visit to find out more? Similar advisory in IPython

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyter-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-250",
      "CWE-269",
      "CWE-427"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-26T22:07:00Z",
    "nvd_published_at": "2022-10-26T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nWe\u2019d like to disclose an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in the current working directory. This vulnerability allows one user to run code as another.\n\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nUsers should upgrade to `jupyter_core\u003e=4.11.2`.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nNo\n\n### References\n_Are there any links users can visit to find out more?_\nSimilar advisory in [IPython](https://github.com/advisories/GHSA-pq7m-3gw7-gq5x)\n\n",
  "id": "GHSA-m678-f26j-3hrp",
  "modified": "2024-09-24T20:39:29Z",
  "published": "2022-10-26T22:07:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39286"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter/jupyter_core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-core/PYSEC-2022-42974.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KKMP5OXXIX2QAUNVNJZ5UEQFKDYYJVBA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIDN7JMLK6AOMBQI4QPSW4MBQGWQ5NIN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202301-04"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5422"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Execution with Unnecessary Privileges in JupyterApp"
}

GHSA-M6JF-WJ3W-42J2

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31
VLAI
Details

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.\u003cbr\u003eThis bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR \u003c 102.1, Firefox \u003c 103, and Thunderbird \u003c 102.1.",
  "id": "GHSA-m6jf-wj3w-42j2",
  "modified": "2025-04-15T18:31:31Z",
  "published": "2022-12-22T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36314"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1773894"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-28"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-30"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M78J-WWFX-36XP

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-12T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.",
  "id": "GHSA-m78j-wwfx-36xp",
  "modified": "2022-05-24T17:44:30Z",
  "published": "2022-05-24T17:44:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21518"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M7MQ-GP8M-39MP

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-25T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim\u0027s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.",
  "id": "GHSA-m7mq-gp8m-39mp",
  "modified": "2022-05-24T17:45:21Z",
  "published": "2022-05-24T17:45:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6788"
    },
    {
      "type": "WEB",
      "url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M7P7-GCP5-WR3W

Vulnerability from github – Published: 2026-02-12 06:30 – Updated: 2026-02-12 06:30
VLAI
Details

The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-12T05:17:04Z",
    "severity": "HIGH"
  },
  "details": "The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.",
  "id": "GHSA-m7p7-gcp5-wr3w",
  "modified": "2026-02-12T06:30:13Z",
  "published": "2026-02-12T06:30:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25676"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN88690363"
    },
    {
      "type": "WEB",
      "url": "https://www.m-audio.com/audio-midi-interfaces/m-track-duo-hd.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M892-QJXF-RM97

Vulnerability from github – Published: 2023-06-04 00:30 – Updated: 2023-06-04 00:30
VLAI
Details

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-04T00:15:09Z",
    "severity": "HIGH"
  },
  "details": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-m892-qjxf-rm97",
  "modified": "2023-06-04T00:30:19Z",
  "published": "2023-06-04T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3091"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.230668"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.230668"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M898-H4PM-PQFR

Vulnerability from github – Published: 2021-05-25 18:44 – Updated: 2025-05-19 16:35
VLAI
Summary
Arbitrary code execution due to an uncontrolled search path for the git binary
Details

Impact

The go language recently addressed a security issue in the way that binaries are found before being executed. Some operating systems like Windows persist to have the current directory being part of the default search path, and having priority over the system-wide path.

This means that it's possible for a malicious user to craft for example a git.bat command, commit it and push it in a repository. Later when git-bug search for the git binary, this malicious executable can take priority and be executed.

Who is impacted

This issue happen on Windows and some other operating systems with a badly configured PATH.

All version prior to 0.7.2 are vulnerable to this issue.

Patches

Version 0.7.2 fix this issue. Users should update as soon as possible.

References

More details about this issue can be found here.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/MichaelMure/git-bug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-28955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T21:22:50Z",
    "nvd_published_at": "2021-03-22T07:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe go language recently addressed a security issue in the way that binaries are found before being executed. Some operating systems like Windows persist to have the current directory being part of the default search path, and having priority over the system-wide path.\n\nThis means that it\u0027s possible for a malicious user to craft for example a `git.bat` command, commit it and push it in a repository. Later when git-bug search for the git binary, this malicious executable can take priority  and be executed.\n\n### Who is impacted\n\nThis issue happen on Windows and some other operating systems with a badly configured PATH.\n\nAll version prior to 0.7.2 are vulnerable to this issue.\n\n### Patches\n\nVersion 0.7.2 fix this issue. Users should update as soon as possible.\n\n### References\n\nMore details about this issue can be found [here](https://blog.golang.org/path-security).",
  "id": "GHSA-m898-h4pm-pqfr",
  "modified": "2025-05-19T16:35:59Z",
  "published": "2021-05-25T18:44:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/git-bug/git-bug/security/advisories/GHSA-m898-h4pm-pqfr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28955"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MichaelMure/git-bug/pull/604"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/git-bug/git-bug"
    },
    {
      "type": "WEB",
      "url": "https://vuln.ryotak.me/advisories/18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary code execution due to an uncontrolled search path for the git binary"
}

GHSA-M89Q-5H24-2XM5

Vulnerability from github – Published: 2024-01-12 09:30 – Updated: 2024-01-12 09:30
VLAI
Details

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows local user to escalate privileges

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T08:15:43Z",
    "severity": "HIGH"
  },
  "details": "Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows local user to escalate privileges",
  "id": "GHSA-m89q-5h24-2xm5",
  "modified": "2024-01-12T09:30:29Z",
  "published": "2024-01-12T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6740"
    },
    {
      "type": "WEB",
      "url": "https://checkmk.com/werk/16163"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.

Mitigation
Implementation

Strategy: Attack Surface Reduction

Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.

Mitigation
Implementation

Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory. Since this is a denylist approach, it might not be a complete solution.

Mitigation
Implementation

Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of finding the program using the PATH environment variable, while execl() and execv() require a full path.

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths

This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.

CAPEC-471: Search Order Hijacking

An adversary exploits a weakness in an application's specification of external libraries to exploit the functionality of the loader where the process loading the library searches first in the same directory in which the process binary resides and then in other directories. Exploitation of this preferential search order can allow an attacker to make the loading process load the adversary's rogue library rather than the legitimate library. This attack can be leveraged with many different libraries and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect library had been loaded.