Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-WW6V-677G-P656

Vulnerability from github – Published: 2018-07-18 18:28 – Updated: 2023-09-11 22:19
VLAI
Summary
Sandbox Breakout in safe-eval
Details

Affected versions of safe-eval are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Proof of Concept:

This code accesses the process object and calls .exit()

var safeEval = require('safe-eval');
safeEval("this.constructor.constructor('return process')().exit()");

Recommendation

Update to version 0.4.0 or later

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "safe-eval"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:01:17Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Affected versions of `safe-eval` are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. \n\n## Proof of Concept:\nThis code accesses the process object and calls `.exit()`\n```js\nvar safeEval = require(\u0027safe-eval\u0027);\nsafeEval(\"this.constructor.constructor(\u0027return process\u0027)().exit()\");\n```\n\n\n## Recommendation\n\nUpdate to version 0.4.0 or later",
  "id": "GHSA-ww6v-677g-p656",
  "modified": "2023-09-11T22:19:18Z",
  "published": "2018-07-18T18:28:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16088"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hacksparrow/safe-eval/issues/5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/issues/59"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hacksparrow/safe-eval/pull/13"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-ww6v-677g-p656"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sandbox Breakout in safe-eval"
}

GHSA-WXPC-F9FQ-W9PQ

Vulnerability from github – Published: 2026-02-07 06:31 – Updated: 2026-02-07 06:31
VLAI
Details

A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-07T05:16:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-wxpc-f9fq-w9pq",
  "modified": "2026-02-07T06:31:05Z",
  "published": "2026-02-07T06:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2074"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SourByte05/SourByte-Lab/issues/7"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.344640"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.344640"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.745486"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.745489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X2FM-RMW7-73V2

Vulnerability from github – Published: 2026-06-21 09:30 – Updated: 2026-06-21 09:30
VLAI
Details

A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-21T09:16:25Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was determined in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\u79d1\u6280\u6709\u9650\u516c\u53f8 ADP Application Developer Platform \u5e94\u7528\u5f00\u53d1\u8005\u5e73\u53f0 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-x2fm-rmw7-73v2",
  "modified": "2026-06-21T09:30:51Z",
  "published": "2026-06-21T09:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12788"
    },
    {
      "type": "WEB",
      "url": "https://ucn9h68n9289.feishu.cn/docx/LeLOdhV6mo3clzxstxXcpFzbnjg?from=from_copylink"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-12788"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/835655"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/372530"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/372530/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X2GP-W3V9-22XP

Vulnerability from github – Published: 2025-04-04 12:30 – Updated: 2025-04-04 12:30
VLAI
Details

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-04T11:15:40Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-x2gp-w3v9-22xp",
  "modified": "2025-04-04T12:30:20Z",
  "published": "2025-04-04T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3241"
    },
    {
      "type": "WEB",
      "url": "https://github.com/askqiu/cve/blob/main/README.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.303267"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.303267"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.547585"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X5JV-PXJQ-575R

Vulnerability from github – Published: 2024-04-01 12:30 – Updated: 2024-04-01 12:30
VLAI
Details

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-01T11:15:52Z",
    "severity": "HIGH"
  },
  "details": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.",
  "id": "GHSA-x5jv-pxjq-575r",
  "modified": "2024-04-01T12:30:44Z",
  "published": "2024-04-01T12:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6154"
    },
    {
      "type": "WEB",
      "url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X5R2-JQ66-4CCQ

Vulnerability from github – Published: 2023-11-27 18:31 – Updated: 2025-11-04 21:30
VLAI
Details

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-27T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.",
  "id": "GHSA-x5r2-jq66-4ccq",
  "modified": "2025-11-04T21:30:48Z",
  "published": "2023-11-27T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39542"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1832"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6HQ-V32R-W2QR

Vulnerability from github – Published: 2024-01-19 06:30 – Updated: 2024-01-19 06:30
VLAI
Details

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-19T04:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.",
  "id": "GHSA-x6hq-v32r-w2qr",
  "modified": "2024-01-19T06:30:20Z",
  "published": "2024-01-19T06:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5716"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-7666-fffce-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCJC-C88C-V52W

Vulnerability from github – Published: 2024-01-22 15:30 – Updated: 2025-05-30 15:30
VLAI
Details

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-22T15:15:07Z",
    "severity": "MODERATE"
  },
  "details": "CloudLinux\n CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to\n the sendmail proxy command. This allows local users to read and write \narbitrary files outside the CageFS environment in a limited way.",
  "id": "GHSA-xcjc-c88c-v52w",
  "modified": "2025-05-30T15:30:22Z",
  "published": "2024-01-22T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36772"
    },
    {
      "type": "WEB",
      "url": "https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jan/25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XF2M-QWPV-GW8P

Vulnerability from github – Published: 2025-08-28 15:30 – Updated: 2025-08-28 15:30
VLAI
Details

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48963"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-28T10:15:32Z",
    "severity": "HIGH"
  },
  "details": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296.",
  "id": "GHSA-xf2m-qwpv-gw8p",
  "modified": "2025-08-28T15:30:39Z",
  "published": "2025-08-28T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48963"
    },
    {
      "type": "WEB",
      "url": "https://security-advisory.acronis.com/advisories/SEC-8568"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG43-QR5W-Q4JR

Vulnerability from github – Published: 2026-05-13 21:32 – Updated: 2026-05-13 21:32
VLAI
Details

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-13T19:17:05Z",
    "severity": "HIGH"
  },
  "details": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.",
  "id": "GHSA-xg43-qr5w-q4jr",
  "modified": "2026-05-13T21:32:05Z",
  "published": "2026-05-13T21:32:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30905"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.