CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-PX2H-R39C-38R8
Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-14 00:00'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091
{
"affected": [],
"aliases": [
"CVE-2022-20239"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-10T20:15:00Z",
"severity": "CRITICAL"
},
"details": "\u0027remap_pfn_range\u0027 here may map out of size kernel memory (for example, may map the kernel area), and because the \u0027vma-\u003evm_page_prot\u0027 can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091",
"id": "GHSA-px2h-r39c-38r8",
"modified": "2022-08-14T00:00:22Z",
"published": "2022-08-11T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20239"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-08-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PXFV-24MX-MRVC
Vulnerability from github – Published: 2023-10-17 09:30 – Updated: 2024-04-04 08:42On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
{
"affected": [],
"aliases": [
"CVE-2023-4089"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-17T07:15:10Z",
"severity": "LOW"
},
"details": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.",
"id": "GHSA-pxfv-24mx-mrvc",
"modified": "2024-04-04T08:42:44Z",
"published": "2023-10-17T09:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4089"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2023-046"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q424-R5HC-33QQ
Vulnerability from github – Published: 2023-08-10 00:30 – Updated: 2024-04-04 06:45The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.
{
"affected": [],
"aliases": [
"CVE-2023-35838"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-09T23:15:10Z",
"severity": "MODERATE"
},
"details": "The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to \"LocalNet attack resulting in the blocking of traffic\" rather than to only WireGuard.",
"id": "GHSA-q424-r5hc-33qq",
"modified": "2024-04-04T06:45:58Z",
"published": "2023-08-10T00:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35838"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"
},
{
"type": "WEB",
"url": "https://tunnelcrack.mathyvanhoef.com/details.html"
},
{
"type": "WEB",
"url": "https://wireguard.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q449-HRH8-G839
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-24 00:00In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991
{
"affected": [],
"aliases": [
"CVE-2021-39707"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991",
"id": "GHSA-q449-hrh8-g839",
"modified": "2022-03-24T00:00:38Z",
"published": "2022-03-17T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39707"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q8CH-JX67-Q52X
Vulnerability from github – Published: 2026-05-21 15:34 – Updated: 2026-06-23 21:50(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.
This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/apache/camel-k/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/apache/camel-k/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/apache/camel-k/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.10.0"
]
}
],
"aliases": [
"CVE-2026-45760"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-23T21:50:20Z",
"nvd_published_at": "2026-05-21T13:16:19Z",
"severity": "HIGH"
},
"details": "(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.\n\nThis issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.",
"id": "GHSA-q8ch-jx67-q52x",
"modified": "2026-06-23T21:50:20Z",
"published": "2026-05-21T15:34:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45760"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel-k/pull/6626"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel-k/pull/6627"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel-k/pull/6629"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel-k/commit/1271df076f3123f5e4ec58e066e284236b1a8fb5"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel-k/commit/1efa3982f4dbce0ae1f896f4003a16cae6d81ba2"
},
{
"type": "WEB",
"url": "https://github.com/apache/camel-k/commit/35dd387f58464608ab4764f67bde786cf09bc39d"
},
{
"type": "WEB",
"url": "https://camel.apache.org/security/CVE-2026-45760.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/camel-k"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Camel K: Kubernetes namespace authorized users can create a Build resource"
}
GHSA-QGCG-P3V2-9H4P
Vulnerability from github – Published: 2021-04-30 17:29 – Updated: 2021-04-27 21:33Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.cloud:spring-cloud-netflix"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.cloud:spring-cloud-netflix"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5412"
],
"database_specific": {
"cwe_ids": [
"CWE-441",
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-27T21:33:12Z",
"nvd_published_at": "2020-08-07T21:15:00Z",
"severity": "MODERATE"
},
"details": "Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.",
"id": "GHSA-qgcg-p3v2-9h4p",
"modified": "2021-04-27T21:33:12Z",
"published": "2021-04-30T17:29:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5412"
},
{
"type": "WEB",
"url": "https://tanzu.vmware.com/security/cve-2020-5412"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix"
}
GHSA-QH6P-RHWF-C956
Vulnerability from github – Published: 2025-07-13 09:30 – Updated: 2025-07-13 09:30A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-7523"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-13T07:15:22Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-qh6p-rhwf-c956",
"modified": "2025-07-13T09:30:33Z",
"published": "2025-07-13T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7523"
},
{
"type": "WEB",
"url": "https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability"
},
{
"type": "WEB",
"url": "https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability?tab=readme-ov-file#proof-of-concept"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.316220"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.316220"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.611183"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QH7G-HFR4-F2F4
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
{
"affected": [],
"aliases": [
"CVE-2021-26711"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-05T14:15:00Z",
"severity": "MODERATE"
},
"details": "A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.",
"id": "GHSA-qh7g-hfr4-f2f4",
"modified": "2022-05-24T17:41:12Z",
"published": "2022-05-24T17:41:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26711"
},
{
"type": "WEB",
"url": "https://vict0ni.me/redwood-report2web-xss-and-frame-injection"
},
{
"type": "WEB",
"url": "https://vict0ni.me/report2web-xss-frame-injection.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QMJC-JMJ7-3FWX
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2023-03-13 18:30Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2019-18202"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-19T01:15:00Z",
"severity": "MODERATE"
},
"details": "Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.",
"id": "GHSA-qmjc-jmj7-3fwx",
"modified": "2023-03-13T18:30:41Z",
"published": "2022-05-24T16:59:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18202"
},
{
"type": "WEB",
"url": "https://cert.vde.com/de-de/advisories/vde-2019-017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QXVQ-2X4G-3VM7
Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2022-10-18 19:00An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.
{
"affected": [],
"aliases": [
"CVE-2021-27406"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T17:15:00Z",
"severity": "HIGH"
},
"details": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.",
"id": "GHSA-qxvq-2x4g-3vm7",
"modified": "2022-10-18T19:00:34Z",
"published": "2022-10-14T19:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27406"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.