Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-PX2H-R39C-38R8

Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-14 00:00
VLAI
Details

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-10T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "\u0027remap_pfn_range\u0027 here may map out of size kernel memory (for example, may map the kernel area), and because the \u0027vma-\u003evm_page_prot\u0027 can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091",
  "id": "GHSA-px2h-r39c-38r8",
  "modified": "2022-08-14T00:00:22Z",
  "published": "2022-08-11T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20239"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PXFV-24MX-MRVC

Vulnerability from github – Published: 2023-10-17 09:30 – Updated: 2024-04-04 08:42
VLAI
Details

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4089"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-17T07:15:10Z",
    "severity": "LOW"
  },
  "details": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.",
  "id": "GHSA-pxfv-24mx-mrvc",
  "modified": "2024-04-04T08:42:44Z",
  "published": "2023-10-17T09:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4089"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2023-046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q424-R5HC-33QQ

Vulnerability from github – Published: 2023-08-10 00:30 – Updated: 2024-04-04 06:45
VLAI
Details

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-09T23:15:10Z",
    "severity": "MODERATE"
  },
  "details": "The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to \"LocalNet attack resulting in the blocking of traffic\" rather than to only WireGuard.",
  "id": "GHSA-q424-r5hc-33qq",
  "modified": "2024-04-04T06:45:58Z",
  "published": "2023-08-10T00:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35838"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"
    },
    {
      "type": "WEB",
      "url": "https://tunnelcrack.mathyvanhoef.com/details.html"
    },
    {
      "type": "WEB",
      "url": "https://wireguard.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q449-HRH8-G839

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-24 00:00
VLAI
Details

In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991",
  "id": "GHSA-q449-hrh8-g839",
  "modified": "2022-03-24T00:00:38Z",
  "published": "2022-03-17T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39707"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8CH-JX67-Q52X

Vulnerability from github – Published: 2026-05-21 15:34 – Updated: 2026-06-23 21:50
VLAI
Summary
Apache Camel K: Kubernetes namespace authorized users can create a Build resource
Details

(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.

This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/camel-k/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/camel-k/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/camel-k/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.10.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-23T21:50:20Z",
    "nvd_published_at": "2026-05-21T13:16:19Z",
    "severity": "HIGH"
  },
  "details": "(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.\n\nThis issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.",
  "id": "GHSA-q8ch-jx67-q52x",
  "modified": "2026-06-23T21:50:20Z",
  "published": "2026-05-21T15:34:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45760"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel-k/pull/6626"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel-k/pull/6627"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel-k/pull/6629"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel-k/commit/1271df076f3123f5e4ec58e066e284236b1a8fb5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel-k/commit/1efa3982f4dbce0ae1f896f4003a16cae6d81ba2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel-k/commit/35dd387f58464608ab4764f67bde786cf09bc39d"
    },
    {
      "type": "WEB",
      "url": "https://camel.apache.org/security/CVE-2026-45760.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/camel-k"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/21/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Camel K: Kubernetes namespace authorized users can create a Build resource"
}

GHSA-QGCG-P3V2-9H4P

Vulnerability from github – Published: 2021-04-30 17:29 – Updated: 2021-04-27 21:33
VLAI
Summary
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
Details

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.cloud:spring-cloud-netflix"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.cloud:spring-cloud-netflix"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-441",
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-27T21:33:12Z",
    "nvd_published_at": "2020-08-07T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.",
  "id": "GHSA-qgcg-p3v2-9h4p",
  "modified": "2021-04-27T21:33:12Z",
  "published": "2021-04-30T17:29:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5412"
    },
    {
      "type": "WEB",
      "url": "https://tanzu.vmware.com/security/cve-2020-5412"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix"
}

GHSA-QH6P-RHWF-C956

Vulnerability from github – Published: 2025-07-13 09:30 – Updated: 2025-07-13 09:30
VLAI
Details

A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-13T07:15:22Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-qh6p-rhwf-c956",
  "modified": "2025-07-13T09:30:33Z",
  "published": "2025-07-13T09:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7523"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability?tab=readme-ov-file#proof-of-concept"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.316220"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.316220"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.611183"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QH7G-HFR4-F2F4

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26711"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-05T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.",
  "id": "GHSA-qh7g-hfr4-f2f4",
  "modified": "2022-05-24T17:41:12Z",
  "published": "2022-05-24T17:41:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26711"
    },
    {
      "type": "WEB",
      "url": "https://vict0ni.me/redwood-report2web-xss-and-frame-injection"
    },
    {
      "type": "WEB",
      "url": "https://vict0ni.me/report2web-xss-frame-injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QMJC-JMJ7-3FWX

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2023-03-13 18:30
VLAI
Details

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-19T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.",
  "id": "GHSA-qmjc-jmj7-3fwx",
  "modified": "2023-03-13T18:30:41Z",
  "published": "2022-05-24T16:59:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18202"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/de-de/advisories/vde-2019-017"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXVQ-2X4G-3VM7

Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2022-10-18 19:00
VLAI
Details

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-14T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.",
  "id": "GHSA-qxvq-2x4g-3vm7",
  "modified": "2022-10-18T19:00:34Z",
  "published": "2022-10-14T19:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27406"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.