Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1988 vulnerabilities reference this CWE, most recent first.

GHSA-C7FC-4FVH-989J

Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2022-05-17 04:52
VLAI
Details

fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-0541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-09-02T23:55:00Z",
    "severity": "LOW"
  },
  "details": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.",
  "id": "GHSA-c7fc-4fvh-989j",
  "modified": "2022-05-17T04:52:58Z",
  "published": "2022-05-17T04:52:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0541"
    },
    {
      "type": "WEB",
      "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"
    },
    {
      "type": "WEB",
      "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-C7HG-FXJP-Q9JP

Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31
VLAI
Details

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57991"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-03T21:17:02Z",
    "severity": "HIGH"
  },
  "details": "Improper link resolution before file access (\u0027link following\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-c7hg-fxjp-q9jp",
  "modified": "2026-07-03T21:31:39Z",
  "published": "2026-07-03T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57991"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57991"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C866-8GPW-P3MV

Vulnerability from github – Published: 2024-02-08 21:30 – Updated: 2024-09-26 21:10
VLAI
Summary
HashiCorp Nomad vulnerable to symlink attacks
Details

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/nomad"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.5.13"
            },
            {
              "fixed": "1.5.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.5.13"
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.6.6"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/nomad"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.6.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/nomad"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.3"
            },
            {
              "fixed": "1.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.7.3"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T15:08:40Z",
    "nvd_published_at": "2024-02-08T20:15:52Z",
    "severity": "HIGH"
  },
  "details": "HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.",
  "id": "GHSA-c866-8gpw-p3mv",
  "modified": "2024-09-26T21:10:36Z",
  "published": "2024-02-08T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1329"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/nomad/issues/19888"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/nomad/commit/b3209cbc6921e703b0e9984ce70c10b378665834"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/nomad/commit/d1721c7a6fc1833778086603f818a822a34f445a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/nomad/commit/de55da677a21ac7572c0f4a8cd9abd5473c47a70"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hashicorp/nomad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HashiCorp Nomad vulnerable to symlink attacks"
}

GHSA-C8GW-8XXV-VG93

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T02:15:23Z",
    "severity": "HIGH"
  },
  "details": "VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899.",
  "id": "GHSA-c8gw-8xxv-vg93",
  "modified": "2024-05-03T03:30:51Z",
  "published": "2024-05-03T03:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32175"
    },
    {
      "type": "WEB",
      "url": "https://success.vipre.com/en_US/antivirus-plus-release-notes/home-plus-release-notes-20230530"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-755"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C9G9-8P38-4P39

Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31
VLAI
Details

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-08T02:15:49Z",
    "severity": "HIGH"
  },
  "details": "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.",
  "id": "GHSA-c9g9-8p38-4p39",
  "modified": "2026-04-02T21:31:38Z",
  "published": "2024-03-08T03:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23285"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120895"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214084"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214084"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CC8F-XG8V-72M3

Vulnerability from github – Published: 2026-02-03 17:42 – Updated: 2026-02-04 21:55
VLAI
Summary
Compressing Vulnerable to Arbitrary File Write via Symlink Extraction
Details

Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing

Brief Introduction

The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can cause subsequent file entries to be written to arbitrary locations on the host file system.

Depending on the extractor’s handling of existing files, this behavior may allow overwriting sensitive files or creating new files in security-critical locations.

Affected Component and Versions

  • Component: github.com/node-modules/compressing
  • Affected Versions: <= 1.10.3 || =2.0.0

Vulnerability Details

Root Cause

compressing.tar.uncompress sanitizes the destination paths of archive entries, but it does not restrict or validate the targets of symlinks contained in TAR archives. During extraction, the library creates those symlinks inside the output directory. Later entries that resolve through the symlink are written to the symlink target rather than the intended extraction root, enabling an arbitrary file write.

Impact

An attacker who can supply a crafted TAR archive can:

  • Cause files to be written outside the intended extraction directory (arbitrary file write via symlink traversal).

  • Write files to attacker-controlled paths on the host file system once symbolic links are followed during extraction.

  • In environments where extraction is performed with elevated privileges or targets executable paths, this may lead to code execution, privilege escalation, data corruption, or denial of service.

Reproduction

Environment

  • OS: Ubuntu 24.04
  • Node.js: v24.12.0
  • compressing: 2.0.0

Construct PoC Archive

The following pseudo-code demonstrates the attack logic:

base_dir = "archive/"
with tarfile.open("./poc_arbitrary_write.tar", mode="w") as tar:
    add_regular_file(tar, base_dir + "baseFile.txt", "base content\n")
    add_symlink(tar, base_dir + "myTmp", "/tmp")
    add_regular_file(tar, base_dir + "myTmp/poc.txt", "Arbitrary File Write\n")

Extract the Archive

const compressing = require('compressing');

function untar(archiveName, destPath) {
  return compressing.tar.uncompress(archiveName, destPath);
}


async function main() {
  const archivePath = process.argv[2];
  const destPath = "./output";

  if (archivePath && archivePath.endsWith(".tar")) {
    await untar(archivePath, destPath);
  }
}

main();

Attack Results

image

After extraction, the output directory contains a symlink pointing to /tmp. The file poc.txt is then written through the symlink to /tmp/poc.txt, demonstrating an arbitrary file write outside the extraction directory.

Summary

compressing restores symlinks from TAR archives without validating their targets. By combining a malicious symlink with a subsequent file entry, an attacker can redirect extracted files to arbitrary locations on the host.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "compressing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.10.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "compressing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-03T17:42:18Z",
    "nvd_published_at": "2026-02-04T20:16:05Z",
    "severity": "HIGH"
  },
  "details": "# Arbitrary File Write via Symlink Extraction in `github.com/node-modules/compressing`\n\n## Brief Introduction\n\nThe `compressing` npm package extracts TAR archives while restoring symbolic links without validating their targets. \nBy embedding symlinks that resolve outside the intended extraction directory, an attacker can cause subsequent file entries to be written to arbitrary locations on the host file system.\n\nDepending on the extractor\u2019s handling of existing files, this behavior may allow overwriting sensitive files or creating new files in security-critical locations.\n\n## Affected Component and Versions\n\n- **Component**: `github.com/node-modules/compressing`\n- **Affected Versions**: `\u003c= 1.10.3 || =2.0.0` \n\n## Vulnerability Details\n\n### Root Cause\n\n`compressing.tar.uncompress` sanitizes the destination paths of archive entries, but it does **not** restrict or validate the targets of symlinks contained in TAR archives. During extraction, the library creates those symlinks inside the output directory. Later entries that resolve through the symlink are written to the symlink target rather than the intended extraction root, enabling an arbitrary file write.\n\n### Impact\n\nAn attacker who can supply a crafted TAR archive can:\n\n- Cause files to be written outside the intended extraction directory (arbitrary file write via symlink traversal).\n\n- Write files to attacker-controlled paths on the host file system once symbolic links are followed during extraction.\n\n- In environments where extraction is performed with elevated privileges or targets executable paths, this may lead to code execution, privilege escalation, data corruption, or denial of service.\n\n## Reproduction\n\n### Environment\n\n- **OS**: Ubuntu 24.04\n- **Node.js**: v24.12.0\n- **compressing**: 2.0.0\n\n### Construct PoC Archive\n\nThe following pseudo-code demonstrates the attack logic:\n\n```python\nbase_dir = \"archive/\"\nwith tarfile.open(\"./poc_arbitrary_write.tar\", mode=\"w\") as tar:\n    add_regular_file(tar, base_dir + \"baseFile.txt\", \"base content\\n\")\n    add_symlink(tar, base_dir + \"myTmp\", \"/tmp\")\n    add_regular_file(tar, base_dir + \"myTmp/poc.txt\", \"Arbitrary File Write\\n\")\n```\n\n### Extract the Archive\n\n```javascript\nconst compressing = require(\u0027compressing\u0027);\n\nfunction untar(archiveName, destPath) {\n  return compressing.tar.uncompress(archiveName, destPath);\n}\n\n\nasync function main() {\n  const archivePath = process.argv[2];\n  const destPath = \"./output\";\n\n  if (archivePath \u0026\u0026 archivePath.endsWith(\".tar\")) {\n    await untar(archivePath, destPath);\n  }\n}\n\nmain();\n```\n\n### Attack Results\n\n\u003cimg width=\"547\" height=\"161\" alt=\"image\" src=\"https://github.com/user-attachments/assets/5ea12efd-0d3f-4f8a-8414-b3a5c72e153e\" /\u003e\n\n\nAfter extraction, the output directory contains a symlink pointing to `/tmp`. The file `poc.txt` is then written through the symlink to `/tmp/poc.txt`, demonstrating an arbitrary file write outside the extraction directory.\n\n## Summary\n\n`compressing` restores symlinks from TAR archives without validating their targets. By combining a malicious symlink with a subsequent file entry, an attacker can redirect extracted files to arbitrary locations on the host.",
  "id": "GHSA-cc8f-xg8v-72m3",
  "modified": "2026-02-04T21:55:36Z",
  "published": "2026-02-03T17:42:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/node-modules/compressing/security/advisories/GHSA-cc8f-xg8v-72m3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24884"
    },
    {
      "type": "WEB",
      "url": "https://github.com/node-modules/compressing/commit/8d16c196c7f1888fc1af957d9ff36117247cea6c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/node-modules/compressing/commit/ce1c0131c401c071c77d5a1425bf8c88cfc16361"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/node-modules/compressing"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Compressing Vulnerable to Arbitrary File Write via Symlink Extraction"
}

GHSA-CF2R-5CHQ-JMM8

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:51
VLAI
Details

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-04T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.",
  "id": "GHSA-cf2r-5chq-jmm8",
  "modified": "2024-04-04T00:51:18Z",
  "published": "2022-05-24T16:47:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yubico/pam-u2f/commit/7db3386fcdb454e33a3ea30dcfb8e8960d4c3aa3"
    },
    {
      "type": "WEB",
      "url": "https://developers.yubico.com/pam-u2f/Release_Notes.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FOR4ADC356JPCHAJI5UXZORLC3VNBPS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCGU6UQLI3ZTW3UYCTMQW7VDL5M4LCWR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FOR4ADC356JPCHAJI5UXZORLC3VNBPS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCGU6UQLI3ZTW3UYCTMQW7VDL5M4LCWR"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/05/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CF35-R4VM-VV4F

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T20:15:11Z",
    "severity": "HIGH"
  },
  "details": "Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.",
  "id": "GHSA-cf35-r4vm-vv4f",
  "modified": "2024-11-22T21:32:16Z",
  "published": "2024-11-22T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6233"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CF5W-7GQX-4GH9

Vulnerability from github – Published: 2022-05-01 18:18 – Updated: 2022-05-01 18:18
VLAI
Details

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-3919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-28T17:08:00Z",
    "severity": "MODERATE"
  },
  "details": "(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.",
  "id": "GHSA-cf5w-7gqx-4gh9",
  "modified": "2022-05-01T18:18:35Z",
  "published": "2022-05-01T18:18:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3919"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37403"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/41342"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/41343"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27389"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27408"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27497"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29963"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1395"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26190"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018859"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3621"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CF69-G2CJ-5W8C

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:16:02Z",
    "severity": "HIGH"
  },
  "details": "Improper link resolution before file access (\u0027link following\u0027) in Visual Studio allows an unauthorized attacker to elevate privileges over a network.",
  "id": "GHSA-cf69-g2cj-5w8c",
  "modified": "2025-07-08T18:31:51Z",
  "published": "2025-07-08T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49739"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.