CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-6RM2-RQ6J-H85R
Vulnerability from github – Published: 2021-12-02 00:00 – Updated: 2021-12-03 00:00libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.
{
"affected": [],
"aliases": [
"CVE-2021-43685"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-01T16:15:00Z",
"severity": "CRITICAL"
},
"details": "libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.",
"id": "GHSA-6rm2-rq6j-h85r",
"modified": "2021-12-03T00:00:44Z",
"published": "2021-12-02T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43685"
},
{
"type": "WEB",
"url": "https://github.com/LibreTime/libretime/issues/1437"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6RW7-R5PP-274M
Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-07-12 18:31In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-31319"
],
"database_specific": {
"cwe_ids": [
"CWE-441",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T21:15:13Z",
"severity": "HIGH"
},
"details": "In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-6rw7-r5pp-274m",
"modified": "2024-07-12T18:31:47Z",
"published": "2024-07-09T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31319"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/3cc021bf608fa813a9a40932028fdde2b12a2d5e"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X8P-PJFM-RGXQ
Vulnerability from github – Published: 2025-04-15 18:31 – Updated: 2025-04-15 18:31Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.
{
"affected": [],
"aliases": [
"CVE-2024-13177"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T16:15:21Z",
"severity": "MODERATE"
},
"details": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.",
"id": "GHSA-6x8p-pjfm-rgxq",
"modified": "2025-04-15T18:31:44Z",
"published": "2025-04-15T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13177"
},
{
"type": "WEB",
"url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-726X-MFP5-RVMH
Vulnerability from github – Published: 2022-05-12 00:01 – Updated: 2022-05-20 00:00A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.
{
"affected": [],
"aliases": [
"CVE-2021-43066"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T16:15:00Z",
"severity": "HIGH"
},
"details": "A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.",
"id": "GHSA-726x-mfp5-rvmh",
"modified": "2022-05-20T00:00:52Z",
"published": "2022-05-12T00:01:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43066"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-21-154"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-73PR-G6JJ-5HC9
Vulnerability from github – Published: 2022-06-29 00:00 – Updated: 2022-07-08 17:05A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide additional data from a local file readable by the client (and not a "local" file on the server).
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "ruby-mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3779"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-05T22:08:34Z",
"nvd_published_at": "2022-06-28T17:15:00Z",
"severity": "MODERATE"
},
"details": "A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide additional data from a local file readable by the client (and not a \"local\" file on the server).",
"id": "GHSA-73pr-g6jj-5hc9",
"modified": "2022-07-08T17:05:08Z",
"published": "2022-06-29T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3779"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-mysql/CVE-2021-3779.yml"
},
{
"type": "WEB",
"url": "https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed"
},
{
"type": "PACKAGE",
"url": "http://github.com/tmtm/ruby-mysql"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql"
}
GHSA-74J8-88MM-7496
Vulnerability from github – Published: 2021-09-21 18:28 – Updated: 2026-06-09 10:51A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.22.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8561"
],
"database_specific": {
"cwe_ids": [
"CWE-441",
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-21T14:53:38Z",
"nvd_published_at": "2021-09-20T17:15:00Z",
"severity": "MODERATE"
},
"details": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.",
"id": "GHSA-74j8-88mm-7496",
"modified": "2026-06-09T10:51:43Z",
"published": "2021-09-21T18:28:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8561"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubernetes/kubernetes"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"type": "WEB",
"url": "https://kubernetes.io/blog/2026/05/26/reconciling-unfixed-kubernetes-cves"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211014-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Confused Deputy in Kubernetes"
}
GHSA-79PM-5425-72GV
Vulnerability from github – Published: 2023-06-22 18:30 – Updated: 2024-04-04 05:01Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
{
"affected": [],
"aliases": [
"CVE-2023-3256"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-22T17:15:44Z",
"severity": "HIGH"
},
"details": "Advantech R-SeeNet \nversions 2.4.22 \nallows low-level users to access and load the content of local files.\n\n\n\n",
"id": "GHSA-79pm-5425-72gv",
"modified": "2024-04-04T05:01:16Z",
"published": "2023-06-22T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3256"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CFP-PMW3-4J7R
Vulnerability from github – Published: 2026-07-15 09:30 – Updated: 2026-07-15 09:30A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.
{
"affected": [],
"aliases": [
"CVE-2026-15583"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T08:16:22Z",
"severity": "HIGH"
},
"details": "A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server\u0027s environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.",
"id": "GHSA-7cfp-pmw3-4j7r",
"modified": "2026-07-15T09:30:23Z",
"published": "2026-07-15T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15583"
},
{
"type": "WEB",
"url": "https://grafana.com/security/security-advisories/cve-2026-15583"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7H9V-7266-H9V7
Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2021-12-21 00:01UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV file path.
{
"affected": [],
"aliases": [
"CVE-2021-44041"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T18:15:00Z",
"severity": "CRITICAL"
},
"details": "UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim\u0027s machine or capture NTLM credentials by supplying a networked or WebDAV file path.",
"id": "GHSA-7h9v-7266-h9v7",
"modified": "2021-12-21T00:01:29Z",
"published": "2021-12-15T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44041"
},
{
"type": "WEB",
"url": "https://docs.uipath.com/robot/docs/release-notes-2021-10-4"
},
{
"type": "WEB",
"url": "https://docs.uipath.com/robot/docs/uipath-assistant"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7HCV-42FJ-R6VQ
Vulnerability from github – Published: 2025-07-19 15:30 – Updated: 2025-07-19 15:30A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-7823"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-19T13:15:24Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-7hcv-42fj-r6vq",
"modified": "2025-07-19T15:30:21Z",
"published": "2025-07-19T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7823"
},
{
"type": "WEB",
"url": "https://github.com/cc2024k/CVE/issues/3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.316924"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.316924"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.616841"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.