CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1985 vulnerabilities reference this CWE, most recent first.
GHSA-6MH8-R4FC-H3CH
Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2022-05-17 01:17php-fpm allows local users to write to or create arbitrary files via a symlink attack.
{
"affected": [],
"aliases": [
"CVE-2015-3211"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-25T18:29:00Z",
"severity": "MODERATE"
},
"details": "php-fpm allows local users to write to or create arbitrary files via a symlink attack.",
"id": "GHSA-6mh8-r4fc-h3ch",
"modified": "2022-05-17T01:17:01Z",
"published": "2022-05-17T01:17:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3211"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228721"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6PVW-G552-53C5
Vulnerability from github – Published: 2025-10-17 17:05 – Updated: 2026-05-31 18:30Impact
When populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS.
Git LFS has resolved this problem by revising the git lfs checkout and git lfs pull commands so that they check for symbolic links in the same manner as performed by Git before writing to files in the working tree. These commands now also remove existing files in the working tree before writing new files in their place.
As well, Git LFS has resolved a problem whereby the git lfs checkout and git lfs pull commands, when run in a bare repository, could write to files visible outside the repository. While a specific and relatively unlikely set of conditions were required for this to occur, it is no longer possible under any circumstances.
Patches
This problem exists in all versions since 0.5.2 and is patched in v3.7.1. All users should upgrade to v3.7.1.
Workarounds
Support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.
References
- https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5
- https://nvd.nist.gov/vuln/detail/CVE-2025-26625
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26625
- https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1
- git-lfs/git-lfs@5c11ffce9a
- git-lfs/git-lfs@0cffe93176
- git-lfs/git-lfs@d02bd13f02
For more information
If there are any questions or comments about this advisory: * For general questions, start a discussion in the Git LFS discussion forum. * For reports of additional vulnerabilities, please follow the Git LFS security reporting policy.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.7.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/git-lfs/git-lfs"
},
"ranges": [
{
"events": [
{
"introduced": "0.5.2"
},
{
"fixed": "3.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-26625"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-17T17:05:03Z",
"nvd_published_at": "2025-10-17T16:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWhen populating a Git repository\u0027s working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS.\n\nGit LFS has resolved this problem by revising the `git lfs checkout` and `git lfs pull` commands so that they check for symbolic links in the same manner as performed by Git before writing to files in the working tree. These commands now also remove existing files in the working tree before writing new files in their place.\n\nAs well, Git LFS has resolved a problem whereby the `git lfs checkout` and `git lfs pull` commands, when run in a bare repository, could write to files visible outside the repository. While a specific and relatively unlikely set of conditions were required for this to occur, it is no longer possible under any circumstances.\n\n### Patches\n\nThis problem exists in all versions since 0.5.2 and is patched in v3.7.1. All users should upgrade to v3.7.1.\n\n### Workarounds\n\nSupport for symlinks in Git may be disabled by setting the `core.symlinks` configuration option to `false`, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.\n\n### References\n\n- https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5\n- https://nvd.nist.gov/vuln/detail/CVE-2025-26625\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26625\n- https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1\n- [git-lfs/git-lfs@5c11ffce9a](https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8)\n- [git-lfs/git-lfs@0cffe93176](https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396)\n- [git-lfs/git-lfs@d02bd13f02](https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615)\n\n### For more information\n\nIf there are any questions or comments about this advisory:\n* For general questions, start a discussion in the Git LFS [discussion forum](https://github.com/git-lfs/git-lfs/discussions).\n* For reports of additional vulnerabilities, please follow the Git LFS [security reporting policy](https://github.com/git-lfs/git-lfs/blob/main/SECURITY.md).",
"id": "GHSA-6pvw-g552-53c5",
"modified": "2026-05-31T18:30:24Z",
"published": "2025-10-17T17:05:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26625"
},
{
"type": "WEB",
"url": "https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396"
},
{
"type": "WEB",
"url": "https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8"
},
{
"type": "WEB",
"url": "https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26625"
},
{
"type": "PACKAGE",
"url": "https://github.com/git-lfs/git-lfs"
},
{
"type": "WEB",
"url": "https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00055.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Git LFS may write to arbitrary files via crafted symlinks"
}
GHSA-6Q7F-CCC4-PGMM
Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.xml and (2) /tmp/.backup temporary files.
{
"affected": [],
"aliases": [
"CVE-2008-4974"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-06T15:55:00Z",
"severity": "MODERATE"
},
"details": "rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.",
"id": "GHSA-6q7f-ccc4-pgmm",
"modified": "2022-05-17T02:18:28Z",
"published": "2022-05-17T02:18:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4974"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44834"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/496384"
},
{
"type": "WEB",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/netmrg"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32490"
},
{
"type": "WEB",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/30930"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6Q8G-8JP7-R627
Vulnerability from github – Published: 2022-05-17 04:50 – Updated: 2022-05-17 04:50base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
{
"affected": [],
"aliases": [
"CVE-2013-6402"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-05T20:55:00Z",
"severity": "LOW"
},
"details": "base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.",
"id": "GHSA-6q8g-8jp7-r627",
"modified": "2022-05-17T04:50:46Z",
"published": "2022-05-17T04:50:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6402"
},
{
"type": "WEB",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=852368"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6402"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2829"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2085-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6QFG-8799-R575
Vulnerability from github – Published: 2021-05-18 15:30 – Updated: 2023-09-18 20:30The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.10"
},
{
"fixed": "1.13.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "1.14.6"
},
{
"fixed": "1.14.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.3"
},
{
"fixed": "1.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-11251"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-61"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T21:58:06Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.",
"id": "GHSA-6qfg-8799-r575",
"modified": "2023-09-18T20:30:39Z",
"published": "2021-05-18T15:30:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11251"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/87773"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/82143"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Kubernetes kubectl cp Vulnerable to Symlink Attack"
}
GHSA-6QX3-HCM8-XH2M
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.
{
"affected": [],
"aliases": [
"CVE-2020-5797"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-21T06:15:00Z",
"severity": "MODERATE"
},
"details": "UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.",
"id": "GHSA-6qx3-hcm8-xh2m",
"modified": "2022-05-24T17:34:42Z",
"published": "2022-05-24T17:34:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5797"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2020-60"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6RRJ-4W73-GW88
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
{
"affected": [],
"aliases": [
"CVE-2014-2312"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-26T18:29:00Z",
"severity": "MODERATE"
},
"details": "The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.",
"id": "GHSA-6rrj-4w73-gw88",
"modified": "2022-05-13T01:30:31Z",
"published": "2022-05-13T01:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2312"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/03/08/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/03/09/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6V4X-M393-5VG2
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-49791"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:16:54Z",
"severity": "HIGH"
},
"details": "Improper link resolution before file access (\u0027link following\u0027) in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-6v4x-m393-5vg2",
"modified": "2026-07-14T18:32:01Z",
"published": "2026-07-14T18:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49791"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6V7Q-GH5P-VGQC
Vulnerability from github – Published: 2022-05-17 01:59 – Updated: 2022-05-17 01:59The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
{
"affected": [],
"aliases": [
"CVE-2011-1920"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-23T22:55:00Z",
"severity": "LOW"
},
"details": "The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.",
"id": "GHSA-6v7q-gh5p-vgqc",
"modified": "2022-05-17T01:59:31Z",
"published": "2022-05-17T01:59:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1920"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705090"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673"
},
{
"type": "WEB",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239\u0026r2=1.240\u0026f=h"
},
{
"type": "WEB",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192\u0026r2=1.193\u0026f=h"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/05/16/2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/05/16/8"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47878"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6VJH-65XF-7489
Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2025-10-22 00:31An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2019-1385"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-12T19:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka \u0027Windows AppX Deployment Extensions Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-6vjh-65xf-7489",
"modified": "2025-10-22T00:31:48Z",
"published": "2022-05-24T22:01:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1385"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-979"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.