CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1988 vulnerabilities reference this CWE, most recent first.
GHSA-C7FC-4FVH-989J
Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2022-05-17 04:52fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
{
"affected": [],
"aliases": [
"CVE-2011-0541"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-09-02T23:55:00Z",
"severity": "LOW"
},
"details": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.",
"id": "GHSA-c7fc-4fvh-989j",
"modified": "2022-05-17T04:52:58Z",
"published": "2022-05-17T04:52:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0541"
},
{
"type": "WEB",
"url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"
},
{
"type": "WEB",
"url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C7HG-FXJP-Q9JP
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-57991"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:02Z",
"severity": "HIGH"
},
"details": "Improper link resolution before file access (\u0027link following\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-c7hg-fxjp-q9jp",
"modified": "2026-07-03T21:31:39Z",
"published": "2026-07-03T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57991"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57991"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C866-8GPW-P3MV
Vulnerability from github – Published: 2024-02-08 21:30 – Updated: 2024-09-26 21:10HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/nomad"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.13"
},
{
"fixed": "1.5.14"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.13"
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.6.6"
},
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/nomad"
},
"ranges": [
{
"events": [
{
"introduced": "1.6.0"
},
{
"fixed": "1.6.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/nomad"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.3"
},
{
"fixed": "1.7.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.3"
]
}
],
"aliases": [
"CVE-2024-1329"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-09T15:08:40Z",
"nvd_published_at": "2024-02-08T20:15:52Z",
"severity": "HIGH"
},
"details": "HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.",
"id": "GHSA-c866-8gpw-p3mv",
"modified": "2024-09-26T21:10:36Z",
"published": "2024-02-08T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1329"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/issues/19888"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/commit/b3209cbc6921e703b0e9984ce70c10b378665834"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/commit/d1721c7a6fc1833778086603f818a822a34f445a"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/commit/de55da677a21ac7572c0f4a8cd9abd5473c47a70"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/nomad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "HashiCorp Nomad vulnerable to symlink attacks"
}
GHSA-C8GW-8XXV-VG93
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899.
{
"affected": [],
"aliases": [
"CVE-2023-32175"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T02:15:23Z",
"severity": "HIGH"
},
"details": "VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899.",
"id": "GHSA-c8gw-8xxv-vg93",
"modified": "2024-05-03T03:30:51Z",
"published": "2024-05-03T03:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32175"
},
{
"type": "WEB",
"url": "https://success.vipre.com/en_US/antivirus-plus-release-notes/home-plus-release-notes-20230530"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-755"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C9G9-8P38-4P39
Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.
{
"affected": [],
"aliases": [
"CVE-2024-23285"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-61"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-08T02:15:49Z",
"severity": "HIGH"
},
"details": "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.",
"id": "GHSA-c9g9-8p38-4p39",
"modified": "2026-04-02T21:31:38Z",
"published": "2024-03-08T03:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23285"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120895"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214084"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CC8F-XG8V-72M3
Vulnerability from github – Published: 2026-02-03 17:42 – Updated: 2026-02-04 21:55Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing
Brief Introduction
The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets.
By embedding symlinks that resolve outside the intended extraction directory, an attacker can cause subsequent file entries to be written to arbitrary locations on the host file system.
Depending on the extractor’s handling of existing files, this behavior may allow overwriting sensitive files or creating new files in security-critical locations.
Affected Component and Versions
- Component:
github.com/node-modules/compressing - Affected Versions:
<= 1.10.3 || =2.0.0
Vulnerability Details
Root Cause
compressing.tar.uncompress sanitizes the destination paths of archive entries, but it does not restrict or validate the targets of symlinks contained in TAR archives. During extraction, the library creates those symlinks inside the output directory. Later entries that resolve through the symlink are written to the symlink target rather than the intended extraction root, enabling an arbitrary file write.
Impact
An attacker who can supply a crafted TAR archive can:
-
Cause files to be written outside the intended extraction directory (arbitrary file write via symlink traversal).
-
Write files to attacker-controlled paths on the host file system once symbolic links are followed during extraction.
-
In environments where extraction is performed with elevated privileges or targets executable paths, this may lead to code execution, privilege escalation, data corruption, or denial of service.
Reproduction
Environment
- OS: Ubuntu 24.04
- Node.js: v24.12.0
- compressing: 2.0.0
Construct PoC Archive
The following pseudo-code demonstrates the attack logic:
base_dir = "archive/"
with tarfile.open("./poc_arbitrary_write.tar", mode="w") as tar:
add_regular_file(tar, base_dir + "baseFile.txt", "base content\n")
add_symlink(tar, base_dir + "myTmp", "/tmp")
add_regular_file(tar, base_dir + "myTmp/poc.txt", "Arbitrary File Write\n")
Extract the Archive
const compressing = require('compressing');
function untar(archiveName, destPath) {
return compressing.tar.uncompress(archiveName, destPath);
}
async function main() {
const archivePath = process.argv[2];
const destPath = "./output";
if (archivePath && archivePath.endsWith(".tar")) {
await untar(archivePath, destPath);
}
}
main();
Attack Results
After extraction, the output directory contains a symlink pointing to /tmp. The file poc.txt is then written through the symlink to /tmp/poc.txt, demonstrating an arbitrary file write outside the extraction directory.
Summary
compressing restores symlinks from TAR archives without validating their targets. By combining a malicious symlink with a subsequent file entry, an attacker can redirect extracted files to arbitrary locations on the host.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "compressing"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0"
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.10.3"
},
"package": {
"ecosystem": "npm",
"name": "compressing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24884"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-03T17:42:18Z",
"nvd_published_at": "2026-02-04T20:16:05Z",
"severity": "HIGH"
},
"details": "# Arbitrary File Write via Symlink Extraction in `github.com/node-modules/compressing`\n\n## Brief Introduction\n\nThe `compressing` npm package extracts TAR archives while restoring symbolic links without validating their targets. \nBy embedding symlinks that resolve outside the intended extraction directory, an attacker can cause subsequent file entries to be written to arbitrary locations on the host file system.\n\nDepending on the extractor\u2019s handling of existing files, this behavior may allow overwriting sensitive files or creating new files in security-critical locations.\n\n## Affected Component and Versions\n\n- **Component**: `github.com/node-modules/compressing`\n- **Affected Versions**: `\u003c= 1.10.3 || =2.0.0` \n\n## Vulnerability Details\n\n### Root Cause\n\n`compressing.tar.uncompress` sanitizes the destination paths of archive entries, but it does **not** restrict or validate the targets of symlinks contained in TAR archives. During extraction, the library creates those symlinks inside the output directory. Later entries that resolve through the symlink are written to the symlink target rather than the intended extraction root, enabling an arbitrary file write.\n\n### Impact\n\nAn attacker who can supply a crafted TAR archive can:\n\n- Cause files to be written outside the intended extraction directory (arbitrary file write via symlink traversal).\n\n- Write files to attacker-controlled paths on the host file system once symbolic links are followed during extraction.\n\n- In environments where extraction is performed with elevated privileges or targets executable paths, this may lead to code execution, privilege escalation, data corruption, or denial of service.\n\n## Reproduction\n\n### Environment\n\n- **OS**: Ubuntu 24.04\n- **Node.js**: v24.12.0\n- **compressing**: 2.0.0\n\n### Construct PoC Archive\n\nThe following pseudo-code demonstrates the attack logic:\n\n```python\nbase_dir = \"archive/\"\nwith tarfile.open(\"./poc_arbitrary_write.tar\", mode=\"w\") as tar:\n add_regular_file(tar, base_dir + \"baseFile.txt\", \"base content\\n\")\n add_symlink(tar, base_dir + \"myTmp\", \"/tmp\")\n add_regular_file(tar, base_dir + \"myTmp/poc.txt\", \"Arbitrary File Write\\n\")\n```\n\n### Extract the Archive\n\n```javascript\nconst compressing = require(\u0027compressing\u0027);\n\nfunction untar(archiveName, destPath) {\n return compressing.tar.uncompress(archiveName, destPath);\n}\n\n\nasync function main() {\n const archivePath = process.argv[2];\n const destPath = \"./output\";\n\n if (archivePath \u0026\u0026 archivePath.endsWith(\".tar\")) {\n await untar(archivePath, destPath);\n }\n}\n\nmain();\n```\n\n### Attack Results\n\n\u003cimg width=\"547\" height=\"161\" alt=\"image\" src=\"https://github.com/user-attachments/assets/5ea12efd-0d3f-4f8a-8414-b3a5c72e153e\" /\u003e\n\n\nAfter extraction, the output directory contains a symlink pointing to `/tmp`. The file `poc.txt` is then written through the symlink to `/tmp/poc.txt`, demonstrating an arbitrary file write outside the extraction directory.\n\n## Summary\n\n`compressing` restores symlinks from TAR archives without validating their targets. By combining a malicious symlink with a subsequent file entry, an attacker can redirect extracted files to arbitrary locations on the host.",
"id": "GHSA-cc8f-xg8v-72m3",
"modified": "2026-02-04T21:55:36Z",
"published": "2026-02-03T17:42:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/node-modules/compressing/security/advisories/GHSA-cc8f-xg8v-72m3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24884"
},
{
"type": "WEB",
"url": "https://github.com/node-modules/compressing/commit/8d16c196c7f1888fc1af957d9ff36117247cea6c"
},
{
"type": "WEB",
"url": "https://github.com/node-modules/compressing/commit/ce1c0131c401c071c77d5a1425bf8c88cfc16361"
},
{
"type": "PACKAGE",
"url": "https://github.com/node-modules/compressing"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Compressing Vulnerable to Arbitrary File Write via Symlink Extraction"
}
GHSA-CF2R-5CHQ-JMM8
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:51Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.
{
"affected": [],
"aliases": [
"CVE-2019-12209"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-04T21:29:00Z",
"severity": "HIGH"
},
"details": "Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.",
"id": "GHSA-cf2r-5chq-jmm8",
"modified": "2024-04-04T00:51:18Z",
"published": "2022-05-24T16:47:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12209"
},
{
"type": "WEB",
"url": "https://github.com/Yubico/pam-u2f/commit/7db3386fcdb454e33a3ea30dcfb8e8960d4c3aa3"
},
{
"type": "WEB",
"url": "https://developers.yubico.com/pam-u2f/Release_Notes.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FOR4ADC356JPCHAJI5UXZORLC3VNBPS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCGU6UQLI3ZTW3UYCTMQW7VDL5M4LCWR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FOR4ADC356JPCHAJI5UXZORLC3VNBPS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCGU6UQLI3ZTW3UYCTMQW7VDL5M4LCWR"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/06/05/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CF35-R4VM-VV4F
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.
{
"affected": [],
"aliases": [
"CVE-2024-6233"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T20:15:11Z",
"severity": "HIGH"
},
"details": "Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.",
"id": "GHSA-cf35-r4vm-vv4f",
"modified": "2024-11-22T21:32:16Z",
"published": "2024-11-22T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6233"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1036"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CF5W-7GQX-4GH9
Vulnerability from github – Published: 2022-05-01 18:18 – Updated: 2022-05-01 18:18(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
{
"affected": [],
"aliases": [
"CVE-2007-3919"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-10-28T17:08:00Z",
"severity": "MODERATE"
},
"details": "(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.",
"id": "GHSA-cf5w-7gqx-4gh9",
"modified": "2022-05-01T18:18:35Z",
"published": "2022-05-01T18:18:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3919"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37403"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795"
},
{
"type": "WEB",
"url": "http://osvdb.org/41342"
},
{
"type": "WEB",
"url": "http://osvdb.org/41343"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27389"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27408"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27486"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/27497"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29963"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1395"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/26190"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1018859"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/3621"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CF69-G2CJ-5W8C
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
{
"affected": [],
"aliases": [
"CVE-2025-49739"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:16:02Z",
"severity": "HIGH"
},
"details": "Improper link resolution before file access (\u0027link following\u0027) in Visual Studio allows an unauthorized attacker to elevate privileges over a network.",
"id": "GHSA-cf69-g2cj-5w8c",
"modified": "2025-07-08T18:31:51Z",
"published": "2025-07-08T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49739"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.