CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1987 vulnerabilities reference this CWE, most recent first.
GHSA-8GPJ-8888-5722
Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2024-01-26 18:30script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
{
"affected": [],
"aliases": [
"CVE-2001-1494"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-12-31T05:00:00Z",
"severity": "LOW"
},
"details": "script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.",
"id": "GHSA-8gpj-8888-5722",
"modified": "2024-01-26T18:30:29Z",
"published": "2022-04-30T18:18:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1494"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7718"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Dec/0122.html"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2001/Dec/0123.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/16785"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/18502"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-782.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/16280"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8GVG-VXVQ-QH2R
Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2022-05-17 03:05ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.
{
"affected": [],
"aliases": [
"CVE-2014-4038"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-06-17T15:55:00Z",
"severity": "MODERATE"
},
"details": "ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.",
"id": "GHSA-8gvg-vxvq-qh2r",
"modified": "2022-05-17T03:05:58Z",
"published": "2022-05-17T03:05:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4038"
},
{
"type": "WEB",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=882667"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109371"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2014/06/17/1"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0383.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1320.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60616"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/68049"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8H2X-QHM8-R594
Vulnerability from github – Published: 2022-05-01 06:47 – Updated: 2022-05-01 06:47rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
{
"affected": [],
"aliases": [
"CVE-2006-1247"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-04-19T16:06:00Z",
"severity": "LOW"
},
"details": "rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.",
"id": "GHSA-8h2x-qhm8-r594",
"modified": "2022-05-01T06:47:22Z",
"published": "2022-05-01T06:47:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1247"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25848"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19656"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1015952"
},
{
"type": "WEB",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY82357"
},
{
"type": "WEB",
"url": "http://www.nsfocus.com/english/homepage/research/0603.htm"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/24706"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/431846/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/431848/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/17576"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/1389"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8H6X-C8RF-G4XJ
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
{
"affected": [],
"aliases": [
"CVE-2021-32552"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.",
"id": "GHSA-8h6x-c8rf-g4xj",
"modified": "2022-05-24T19:05:15Z",
"published": "2022-05-24T19:05:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32552"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8J28-3434-4Q9H
Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-25 21:30This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
{
"affected": [],
"aliases": [
"CVE-2026-28866"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T01:17:10Z",
"severity": "MODERATE"
},
"details": "This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.",
"id": "GHSA-8j28-3434-4q9h",
"modified": "2026-03-25T21:30:31Z",
"published": "2026-03-25T03:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28866"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126792"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126793"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126794"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126795"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8J8P-J2W4-2QVH
Vulnerability from github – Published: 2024-01-23 21:30 – Updated: 2025-06-17 18:31An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-47192"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-23T21:15:08Z",
"severity": "HIGH"
},
"details": "An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-8j8p-j2w4-2qvh",
"modified": "2025-06-17T18:31:31Z",
"published": "2024-01-23T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47192"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1611"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8JJ4-2Q63-PFR7
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2021-0094"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T20:15:00Z",
"severity": "HIGH"
},
"details": "Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.",
"id": "GHSA-8jj4-2q63-pfr7",
"modified": "2022-05-24T19:04:24Z",
"published": "2022-05-24T19:04:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0094"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00510.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8JM3-2795-WC98
Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2024-04-03 23:05openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.
{
"affected": [],
"aliases": [
"CVE-2011-3351"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-25T22:15:00Z",
"severity": "HIGH"
},
"details": "openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.",
"id": "GHSA-8jm3-2795-wc98",
"modified": "2024-04-03T23:05:14Z",
"published": "2022-04-22T00:24:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3351"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2011-3351"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3351"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-3351"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3351"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M3F-G62J-3VX8
Vulnerability from github – Published: 2022-12-27 12:30 – Updated: 2023-01-19 00:59A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 can address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "binwalk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4287"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-61"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T17:48:02Z",
"nvd_published_at": "2022-12-27T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 can address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.",
"id": "GHSA-8m3f-g62j-3vx8",
"modified": "2023-01-19T00:59:08Z",
"published": "2022-12-27T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4287"
},
{
"type": "WEB",
"url": "https://github.com/ReFirmLabs/binwalk/pull/556"
},
{
"type": "WEB",
"url": "https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd"
},
{
"type": "PACKAGE",
"url": "https://github.com/ReFirmLabs/binwalk"
},
{
"type": "WEB",
"url": "https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.216876"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.216876"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "binwalk vulnerable to UNIX Symbolic Link (Symlink) Following"
}
GHSA-8M49-2XJ8-67V9
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-28 18:02SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "Simple-Wayland-HotKey-Daemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-27816"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-01T15:15:32Z",
"nvd_published_at": "2022-03-30T02:15:00Z",
"severity": "HIGH"
},
"details": "SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the `1.1.0` branch of the repository.",
"id": "GHSA-8m49-2xj8-67v9",
"modified": "2022-04-28T18:02:03Z",
"published": "2022-03-31T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27816"
},
{
"type": "WEB",
"url": "https://github.com/waycrate/swhkd/commit/0b620a09605afb815c6d8d8953bbb7a10a8c0575"
},
{
"type": "PACKAGE",
"url": "https://github.com/waycrate/swhkd"
},
{
"type": "WEB",
"url": "https://github.com/waycrate/swhkd/releases/tag/1.2.0"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/04/14/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Data Loss/Denial of Service in SWHKD"
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.