CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-5PMW-CMP3-G6WX
Vulnerability from github – Published: 2025-12-30 15:30 – Updated: 2025-12-30 15:30A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."
{
"affected": [],
"aliases": [
"CVE-2025-15251"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-30T14:15:53Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: \"Okay, we\u0027ll handle it as soon as possible.\"",
"id": "GHSA-5pmw-cmp3-g6wx",
"modified": "2025-12-30T15:30:37Z",
"published": "2025-12-30T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15251"
},
{
"type": "WEB",
"url": "https://gitee.com/beecue/fastbee/issues/ID7HNZ"
},
{
"type": "WEB",
"url": "https://gitee.com/beecue/fastbee/issues/ID7HNZ#note_47777408_link"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.338641"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.338641"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5QH3-HXX9-W26P
Vulnerability from github – Published: 2026-06-24 15:31 – Updated: 2026-06-24 18:32Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.
{
"affected": [],
"aliases": [
"CVE-2026-57301"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T14:17:36Z",
"severity": "HIGH"
},
"details": "Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.",
"id": "GHSA-5qh3-hxx9-w26p",
"modified": "2026-06-24T18:32:39Z",
"published": "2026-06-24T15:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57301"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3649"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RFV-XR3J-466J
Vulnerability from github – Published: 2023-01-05 21:30 – Updated: 2023-01-12 03:30A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.
{
"affected": [],
"aliases": [
"CVE-2014-125044"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-05T20:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.",
"id": "GHSA-5rfv-xr3j-466j",
"modified": "2023-01-12T03:30:15Z",
"published": "2023-01-05T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125044"
},
{
"type": "WEB",
"url": "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2"
},
{
"type": "WEB",
"url": "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217515"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217515"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V8C-888F-WWXG
Vulnerability from github – Published: 2025-10-06 18:31 – Updated: 2025-10-06 18:31A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
{
"affected": [],
"aliases": [
"CVE-2025-11341"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T17:16:04Z",
"severity": "MODERATE"
},
"details": "A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo\u0026style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.",
"id": "GHSA-5v8c-888f-wwxg",
"modified": "2025-10-06T18:31:06Z",
"published": "2025-10-06T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11341"
},
{
"type": "WEB",
"url": "https://github.com/rookie1006/CVE/issues/2"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.327226"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.327226"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.664613"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5W25-5HHF-992C
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-05-24 16:57In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115384617
{
"affected": [],
"aliases": [
"CVE-2019-9292"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T19:15:00Z",
"severity": "LOW"
},
"details": "In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115384617",
"id": "GHSA-5w25-5hhf-992c",
"modified": "2022-05-24T16:57:20Z",
"published": "2022-05-24T16:57:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9292"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-10"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-682J-2P53-XP5F
Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-12-16 19:48BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed.
It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.
BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.13 restricts execution of the agent/controller message to agents.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.compuware.jenkins:compuware-scm-downloader"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-43423"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-19T22:01:36Z",
"nvd_published_at": "2022-10-19T16:15:00Z",
"severity": "MODERATE"
},
"details": "BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed.\n\nIt allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.\n\nThis vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).\n\nBMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.13 restricts execution of the agent/controller message to agents.",
"id": "GHSA-682j-2p53-xp5f",
"modified": "2022-12-16T19:48:51Z",
"published": "2022-10-19T19:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43423"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/compuware-scm-downloader-plugin/commit/115f057078baad506e2b34b74f4f0600f81990b3"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/compuware-scm-downloader-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin"
}
GHSA-69P6-GP5X-J269
Vulnerability from github – Published: 2024-07-25 21:31 – Updated: 2024-11-18 16:26In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/snapcore/snapd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.62"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-29069"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-26T16:39:29Z",
"nvd_published_at": "2024-07-25T20:15:04Z",
"severity": "LOW"
},
"details": "In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.",
"id": "GHSA-69p6-gp5x-j269",
"modified": "2024-11-18T16:26:55Z",
"published": "2024-07-25T21:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29069"
},
{
"type": "WEB",
"url": "https://github.com/snapcore/snapd/pull/13682"
},
{
"type": "WEB",
"url": "https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063"
},
{
"type": "PACKAGE",
"url": "https://github.com/snapcore/snapd"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-3009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "snapd failed to properly check the destination of symbolic links when extracting a snap"
}
GHSA-6CQX-9V42-Q8F8
Vulnerability from github – Published: 2023-09-05 18:30 – Updated: 2024-04-04 07:29A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-32615"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T17:15:08Z",
"severity": "HIGH"
},
"details": "A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.",
"id": "GHSA-6cqx-9v42-q8f8",
"modified": "2024-04-04T07:29:10Z",
"published": "2023-09-05T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32615"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6M27-7CQJ-2MXW
Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2023-07-26 21:43Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/shopware"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-18357"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-26T21:43:32Z",
"nvd_published_at": "2019-01-15T16:29:00Z",
"severity": "MODERATE"
},
"details": "Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.",
"id": "GHSA-6m27-7cqj-2mxw",
"modified": "2023-07-26T21:43:32Z",
"published": "2022-05-14T01:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18357"
},
{
"type": "WEB",
"url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe"
},
{
"type": "WEB",
"url": "https://demo.ripstech.com/projects/shopware_5.3.3"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Shopware XXE Vulnerability"
}
GHSA-6MQQ-RW6C-7747
Vulnerability from github – Published: 2022-03-01 00:00 – Updated: 2022-03-17 00:04Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.
{
"affected": [],
"aliases": [
"CVE-2022-0377"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-28T09:15:00Z",
"severity": "MODERATE"
},
"details": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.",
"id": "GHSA-6mqq-rw6c-7747",
"modified": "2022-03-17T00:04:53Z",
"published": "2022-03-01T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0377"
},
{
"type": "WEB",
"url": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf"
},
{
"type": "WEB",
"url": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.