Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-6RM2-RQ6J-H85R

Vulnerability from github – Published: 2021-12-02 00:00 – Updated: 2021-12-03 00:00
VLAI
Details

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-01T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.",
  "id": "GHSA-6rm2-rq6j-h85r",
  "modified": "2021-12-03T00:00:44Z",
  "published": "2021-12-02T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43685"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibreTime/libretime/issues/1437"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6RW7-R5PP-274M

Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-07-12 18:31
VLAI
Details

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-441",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T21:15:13Z",
    "severity": "HIGH"
  },
  "details": "In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-6rw7-r5pp-274m",
  "modified": "2024-07-12T18:31:47Z",
  "published": "2024-07-09T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31319"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/3cc021bf608fa813a9a40932028fdde2b12a2d5e"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X8P-PJFM-RGXQ

Vulnerability from github – Published: 2025-04-15 18:31 – Updated: 2025-04-15 18:31
VLAI
Details

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-15T16:15:21Z",
    "severity": "MODERATE"
  },
  "details": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.",
  "id": "GHSA-6x8p-pjfm-rgxq",
  "modified": "2025-04-15T18:31:44Z",
  "published": "2025-04-15T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13177"
    },
    {
      "type": "WEB",
      "url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-726X-MFP5-RVMH

Vulnerability from github – Published: 2022-05-12 00:01 – Updated: 2022-05-20 00:00
VLAI
Details

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.",
  "id": "GHSA-726x-mfp5-rvmh",
  "modified": "2022-05-20T00:00:52Z",
  "published": "2022-05-12T00:01:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43066"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-21-154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-73PR-G6JJ-5HC9

Vulnerability from github – Published: 2022-06-29 00:00 – Updated: 2022-07-08 17:05
VLAI
Summary
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Details

A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide additional data from a local file readable by the client (and not a "local" file on the server).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ruby-mysql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3779"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-05T22:08:34Z",
    "nvd_published_at": "2022-06-28T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide additional data from a local file readable by the client (and not a \"local\" file on the server).",
  "id": "GHSA-73pr-g6jj-5hc9",
  "modified": "2022-07-08T17:05:08Z",
  "published": "2022-06-29T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3779"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-mysql/CVE-2021-3779.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed"
    },
    {
      "type": "PACKAGE",
      "url": "http://github.com/tmtm/ruby-mysql"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql"
}

GHSA-74J8-88MM-7496

Vulnerability from github – Published: 2021-09-21 18:28 – Updated: 2026-06-09 10:51
VLAI
Summary
Confused Deputy in Kubernetes
Details

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.22.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-441",
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-21T14:53:38Z",
    "nvd_published_at": "2021-09-20T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.",
  "id": "GHSA-74j8-88mm-7496",
  "modified": "2026-06-09T10:51:43Z",
  "published": "2021-09-21T18:28:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8561"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/104720"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes/kubernetes"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
    },
    {
      "type": "WEB",
      "url": "https://kubernetes.io/blog/2026/05/26/reconciling-unfixed-kubernetes-cves"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211014-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Confused Deputy in Kubernetes"
}

GHSA-79PM-5425-72GV

Vulnerability from github – Published: 2023-06-22 18:30 – Updated: 2024-04-04 05:01
VLAI
Details

Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-22T17:15:44Z",
    "severity": "HIGH"
  },
  "details": "Advantech R-SeeNet \nversions 2.4.22 \nallows low-level users to access and load the content of local files.\n\n\n\n",
  "id": "GHSA-79pm-5425-72gv",
  "modified": "2024-04-04T05:01:16Z",
  "published": "2023-06-22T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3256"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7CFP-PMW3-4J7R

Vulnerability from github – Published: 2026-07-15 09:30 – Updated: 2026-07-15 09:30
VLAI
Details

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-15T08:16:22Z",
    "severity": "HIGH"
  },
  "details": "A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server\u0027s environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.",
  "id": "GHSA-7cfp-pmw3-4j7r",
  "modified": "2026-07-15T09:30:23Z",
  "published": "2026-07-15T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15583"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/security/security-advisories/cve-2026-15583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7H9V-7266-H9V7

Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2021-12-21 00:01
VLAI
Details

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV file path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44041"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-14T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim\u0027s machine or capture NTLM credentials by supplying a networked or WebDAV file path.",
  "id": "GHSA-7h9v-7266-h9v7",
  "modified": "2021-12-21T00:01:29Z",
  "published": "2021-12-15T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44041"
    },
    {
      "type": "WEB",
      "url": "https://docs.uipath.com/robot/docs/release-notes-2021-10-4"
    },
    {
      "type": "WEB",
      "url": "https://docs.uipath.com/robot/docs/uipath-assistant"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7HCV-42FJ-R6VQ

Vulnerability from github – Published: 2025-07-19 15:30 – Updated: 2025-07-19 15:30
VLAI
Details

A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-19T13:15:24Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-7hcv-42fj-r6vq",
  "modified": "2025-07-19T15:30:21Z",
  "published": "2025-07-19T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7823"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cc2024k/CVE/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.316924"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.316924"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.616841"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.