Common Weakness Enumeration

CWE-61

Allowed

UNIX Symbolic Link (Symlink) Following

Abstraction: Compound · Status: Incomplete

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

270 vulnerabilities reference this CWE, most recent first.

GHSA-J4MM-F543-FJ92

Vulnerability from github – Published: 2024-03-26 15:30 – Updated: 2024-03-26 15:30
VLAI
Details

Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-26T13:15:45Z",
    "severity": "HIGH"
  },
  "details": "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.",
  "id": "GHSA-j4mm-f543-fj92",
  "modified": "2024-03-26T15:30:49Z",
  "published": "2024-03-26T15:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1933"
    },
    {
      "type": "WEB",
      "url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J4XF-2G29-59PH

Vulnerability from github – Published: 2026-03-20 17:25 – Updated: 2026-03-25 18:36
VLAI
Summary
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks
Details

Summary

When unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root.

Reproducer

A malicious tarball contains two entries: (1) a symlink foo pointing to an arbitrary external directory, and (2) a directory entry foo/. (or just foo). When unpacked, create_dir("foo") fails with EEXIST because the symlink is already on disk. The fs::metadata() check then follows the symlink, sees a directory at the target, and allows processing to continue. The directory entry's mode bits are then applied via chmod, which also follows the symlink — modifying the permissions of the external target directory.

Fix

The fix is very simple, we now use fs::symlink_metadata() in unpack_dir, so symlinks are detected and rejected rather than followed.

Credit

This issue was reported by @xokdvium - thank you!

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.4.44"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "tar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.45"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T17:25:09Z",
    "nvd_published_at": "2026-03-20T08:16:11Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nWhen unpacking a tar archive, the `tar` crate\u0027s `unpack_dir` function uses `fs::metadata()` to check whether a path that already exists is a directory. Because `fs::metadata()` follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \u2014 and subsequently apply `chmod` to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root.\n\n## Reproducer\n\nA malicious tarball contains two entries: (1) a symlink `foo` pointing to an arbitrary external directory, and (2) a directory entry `foo/.` (or just `foo`). When unpacked, `create_dir(\"foo\")` fails with `EEXIST` because the symlink is already on disk. The `fs::metadata()` check then follows the symlink, sees a directory at the target, and allows processing to continue. The directory entry\u0027s mode bits are then applied via `chmod`, which also follows the symlink \u2014 modifying the permissions of the external target directory.\n\n## Fix \n\nThe fix is very simple, we now use `fs::symlink_metadata()` in `unpack_dir`, so symlinks are detected and rejected rather than followed.\n\n## Credit\n\nThis issue was reported by @xokdvium - thank you!",
  "id": "GHSA-j4xf-2g29-59ph",
  "modified": "2026-03-25T18:36:33Z",
  "published": "2026-03-20T17:25:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33056"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/alexcrichton/tar-rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0067.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "tar-rs `unpack_in` can chmod arbitrary directories by following symlinks"
}

GHSA-JC9G-44F2-XQH4

Vulnerability from github – Published: 2024-12-24 06:30 – Updated: 2025-02-06 09:31
VLAI
Details

A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-24T04:15:05Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance.",
  "id": "GHSA-jc9g-44f2-xqh4",
  "modified": "2025-02-06T09:31:46Z",
  "published": "2024-12-24T06:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47515"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-47515"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315806"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JFVP-7X6P-H2PV

Vulnerability from github – Published: 2024-09-03 19:49 – Updated: 2025-02-21 21:03
VLAI
Summary
runc can be confused to create empty files/directories on the host
Details

Impact

runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files will not be truncated.

An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed.

This is exploitable using runc directly as well as through Docker and Kubernetes.

The CVSS score for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (Low severity, 3.6).

Workarounds

Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use /etc/sub[ug]id), this in practice means that an attacker would only be able to create inodes in world-writable directories.

A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though we haven't thoroughly tested to what extent the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack.

Patches

Fixed in runc v1.1.14 and v1.2.0-rc3.

  • main patches:
  • https://github.com/opencontainers/runc/pull/4359
  • https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7
  • release-1.1 patches:
  • https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e
  • https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf

Credits

Thanks to Rodrigo Campos Catelin (@rata) and Alban Crequy (@alban) from Microsoft for discovering and reporting this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opencontainers/runc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opencontainers/runc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0-rc.1"
            },
            {
              "fixed": "1.2.0-rc.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-363",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-03T19:49:32Z",
    "nvd_published_at": "2024-09-03T19:15:15Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nrunc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into\ncreating empty files or directories in arbitrary locations in the host\nfilesystem by sharing a volume between two containers and exploiting a race\nwith os.MkdirAll. While this can be used to create empty files, existing\nfiles **will not** be truncated.\n\nAn attacker must have the ability to start containers using some kind of custom\nvolume configuration. Containers using user namespaces are still affected, but\nthe scope of places an attacker can create inodes can be significantly reduced.\nSufficiently strict LSM policies (SELinux/Apparmor) can also in principle block\nthis attack -- we suspect the industry standard SELinux policy may restrict\nthis attack\u0027s scope but the exact scope of protection hasn\u0027t been analysed.\n\nThis is exploitable using runc directly as well as through Docker and\nKubernetes.\n\nThe CVSS score for this vulnerability is\nCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (Low severity, 3.6).\n\n### Workarounds\nUsing user namespaces restricts this attack fairly significantly such that the\nattacker can only create inodes in directories that the remapped root\nuser/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don\u0027t use\n/etc/sub[ug]id), this in practice means that an attacker would only be able to\ncreate inodes in world-writable directories.\n\nA strict enough SELinux or AppArmor policy could in principle also restrict the\nscope if a specific label is applied to the runc runtime, though we haven\u0027t\nthoroughly tested to what extent the standard existing policies block this\nattack nor what exact policies are needed to sufficiently restrict this attack.\n\n### Patches\nFixed in runc v1.1.14 and v1.2.0-rc3.\n\n* `main` patches:\n  * https://github.com/opencontainers/runc/pull/4359\n  *  https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7\n* `release-1.1` patches:\n  * https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e\n  * https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf\n\n### Credits\nThanks to Rodrigo Campos Catelin (@rata) and Alban Crequy (@alban) from\nMicrosoft for discovering and reporting this vulnerability.",
  "id": "GHSA-jfvp-7x6p-h2pv",
  "modified": "2025-02-21T21:03:04Z",
  "published": "2024-09-03T19:49:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45310"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/pull/4359"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/opencontainers/runc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250221-0008"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/09/03/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/U:Green",
      "type": "CVSS_V4"
    }
  ],
  "summary": "runc can be confused to create empty files/directories on the host"
}

GHSA-JQ42-7MFV-HM57

Vulnerability from github – Published: 2026-06-26 21:48 – Updated: 2026-06-26 21:48
VLAI
Summary
Cargo crates in third party registries can override the cached source of other crates
Details

The Rust Security Response Team was notified that Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry.

This vulnerability is tracked as CVE-2026-5223. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io are not affected, as crates.io forbids uploading crates containing any symlink.

Overview

When building a crate, Cargo extracts its source code in a local cache (stored within ~/.cargo), reusing it for any future build. Cargo includes protections to prevent any file from being extracted outside of the crate's own cache directory.

It was discovered that it's possible to craft a malicious tarball able to extract files one level below the crate's own cache directory. With the way the cache is structured, that allowed the malicious crate to override the cache of other crates belonging to the same registry.

Mitigations

Rust 1.96.0, to be released on May 28th, 2026, will update Cargo to reject extracting any symlink within crate tarballs, regardless of whether they come from crates.io (which already forbids them) or third-party registries. Note that Cargo never added symlinks when running cargo package or cargo publish, so the impact of this should be minimal.

Users who are not able to upgrade to the most recent Rust version are recommended to audit the contents of their registry for the presence of any symlink, and to configure their registry to reject symlink (if such option is available).

Affected versions

All versions of Cargo shipped before Rust 1.96.0 are affected.

Acknowledgements

Cargo would like to thank Christos Papakonstantinou for reporting this to us according to the Rust security policy.

Cargo also wants to thank the members of the Rust project who helped address the vulnerability: Josh Triplett for developing the fix; Arlo Siemsen for reviewing the fix; Emily Albini for writing this advisory; Emily Albini, Josh Stone and Manish Goregaokar for coordinating the disclosure; Ed Page and Eric Huss for advising during the disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "cargo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.97.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-5223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-26T21:48:43Z",
    "nvd_published_at": "2026-05-25T10:16:15Z",
    "severity": "MODERATE"
  },
  "details": "The Rust Security Response Team was notified that Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry.\n\nThis vulnerability is tracked as CVE-2026-5223. The severity of the vulnerability is **medium** for users of third-party registries. Users of crates.io are **not affected**, as crates.io forbids uploading crates containing any symlink.\n\n## Overview\n\nWhen building a crate, Cargo extracts its source code in a local cache (stored within `~/.cargo`), reusing it for any future build. Cargo includes protections to prevent any file from being extracted outside of the crate\u0027s own cache directory.\n\nIt was discovered that it\u0027s possible to craft a malicious tarball able to extract files one level below the crate\u0027s own cache directory. With the way the cache is structured, that allowed the malicious crate to override the cache of other crates belonging to the same registry.\n\n## Mitigations\n\nRust 1.96.0, to be released on May 28th, 2026, will update Cargo to reject extracting *any* symlink within crate tarballs, regardless of whether they come from crates.io (which already forbids them) or third-party registries. Note that Cargo never added symlinks when running `cargo package` or `cargo publish`, so the impact of this should be minimal.\n\nUsers who are not able to upgrade to the most recent Rust version are recommended to audit the contents of their registry for the presence of any symlink, and to configure their registry to reject symlink (if such option is available).\n\n## Affected versions\n\nAll versions of Cargo shipped before Rust 1.96.0 are affected.\n\n## Acknowledgements\n\nCargo would like to thank Christos Papakonstantinou for reporting this to us according to the [Rust security policy][1].\n\nCargo also wants to thank the members of the Rust project who helped address the vulnerability: Josh Triplett for developing the fix; Arlo Siemsen for reviewing the fix; Emily Albini for writing this advisory; Emily Albini, Josh Stone and Manish Goregaokar for coordinating the disclosure; Ed Page and Eric Huss for advising during the disclosure.\n\n[1]: https://rust-lang.org/policies/security",
  "id": "GHSA-jq42-7mfv-hm57",
  "modified": "2026-06-26T21:48:43Z",
  "published": "2026-06-26T21:48:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-jq42-7mfv-hm57"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5223"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-lang/cargo/pull/17031"
    },
    {
      "type": "WEB",
      "url": "https://blog.rust-lang.org/2026/05/25/cve-2026-5223"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-lang/cargo"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Cargo crates in third party registries can override the cached source of other crates"
}

GHSA-JWHX-XCG6-8XHJ

Vulnerability from github – Published: 2024-08-09 16:49 – Updated: 2025-06-09 12:17
VLAI
Summary
In aiohttp, compressed files as symlinks are not protected from path traversal
Details

Summary

Static routes which contain files with compressed variants (.gz or .br extension) were vulnerable to path traversal outside the root directory if those variants are symbolic links.

Details

The server protects static routes from path traversal outside the root directory when follow_symlinks=False (default). It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the FileResponse class, and symbolic links are then automatically followed when performing Path.stat() and Path.open() to send the file.

Impact

Servers with static routes that contain compressed variants as symbolic links, pointing outside the root directory, or that permit users to upload or create such links, are impacted.


Patch: https://github.com/aio-libs/aiohttp/pull/8653/files

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "aiohttp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.10.0b1"
            },
            {
              "fixed": "3.10.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-09T16:49:58Z",
    "nvd_published_at": "2024-08-12T13:38:34Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nStatic routes which contain files with compressed variants (`.gz` or `.br` extension) were vulnerable to path traversal outside the root directory if those variants are symbolic links.\n\n### Details\nThe server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default).  It does this by resolving the requested URL to an absolute path and then checking that path relative to the root.  However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing `Path.stat()` and `Path.open()` to send the file.\n\n### Impact\nServers with static routes that contain compressed variants as symbolic links, pointing outside the root directory, or that permit users to upload or create such links, are impacted.\n\n----\n\nPatch: https://github.com/aio-libs/aiohttp/pull/8653/files",
  "id": "GHSA-jwhx-xcg6-8xhj",
  "modified": "2025-06-09T12:17:20Z",
  "published": "2024-08-09T16:49:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42367"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/pull/8653"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aio-libs/aiohttp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "In aiohttp, compressed files as symlinks are not protected from path traversal"
}

GHSA-M543-3MP9-RFGF

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-07-03 00:00
VLAI
Details

A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files.",
  "id": "GHSA-m543-3mp9-rfgf",
  "modified": "2022-07-03T00:00:23Z",
  "published": "2022-05-24T19:07:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32518"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6CX-G6QM-P2CX

Vulnerability from github – Published: 2019-12-13 15:39 – Updated: 2021-10-21 21:16
VLAI
Summary
Arbitrary File Write in npm
Details

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on a user's system when the package is installed. It is only possible to affect files that the user running npm install has access to and it is not possible to over write files that already exist on disk.

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Recommendation

Upgrade to version 6.13.3 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "npm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.13.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-16775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-17T16:30:50Z",
    "nvd_published_at": "2019-12-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on a user\u0027s system when the package is installed. It is only possible to affect files that the user running `npm install` has access to and it is not possible to over write files that already exist on disk.\n\nThis behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.\n\n\n## Recommendation\n\nUpgrade to version 6.13.3 or later.",
  "id": "GHSA-m6cx-g6qm-p2cx",
  "modified": "2021-10-21T21:16:09Z",
  "published": "2019-12-13T15:39:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16775"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHEA-2020:0330"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0573"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0579"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0597"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0602"
    },
    {
      "type": "WEB",
      "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-m6cx-g6qm-p2cx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/npm/cli"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1434"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary File Write in npm"
}

GHSA-MF9W-MJ56-HR94

Vulnerability from github – Published: 2026-04-21 14:38 – Updated: 2026-04-21 14:38
VLAI
Summary
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Details

Summary

set_key() and unset_key() in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered.

Details

The rewrite() context manager in dotenv/main.py is used by both set_key() and unset_key() to safely modify .env files. It works by writing to a temporary file (created in the system's default temp directory, typically /tmp) and then using shutil.move() to replace the original file.

When the .env path is a symbolic link and the temp directory resides on a different filesystem than the target (a common configuration on Linux systems using tmpfs for /tmp), the following sequence occurs:

  1. shutil.move() first attempts os.rename(), which fails with an OSError because atomic renames cannot cross device boundaries.
  2. On failure, shutil.move() falls back to shutil.copy2() followed by os.unlink().
  3. shutil.copy2() calls shutil.copyfile() with follow_symlinks=True by default.
  4. This causes the content to be written to the symlink target rather than replacing the symlink itself.

An attacker who has write access to the directory containing a .env file can pre-place a symlink pointing to any file that the application process has write access to. When the application (or a privileged process such as a deploy script, Docker entrypoint, or CI pipeline) calls set_key() or unset_key(), the symlink target is overwritten with the new .env content.

This vulnerability does not require a race condition and is fully deterministic once the preconditions are met.

Impact

The primary impacts are to integrity and availability:

  • File overwrite / destruction (DoS): An attacker can cause an application or privileged process to corrupt or destroy configuration files, database configs, or other sensitive files it would not normally have access to modify.
  • Integrity violation: The target file's original content is replaced with .env-formatted content controlled by the attacker.
  • Potential privilege escalation: In scenarios where a privileged process (running as root or a service account) calls set_key(), the attacker can leverage this to write to files beyond their own access level.

The scope of impact depends on the application using python-dotenv and the privileges under which it runs.

Proof of Concept

The following script demonstrates the vulnerability. It requires /tmp and the user's home directory to reside on different devices (common on systemd-based Linux systems with tmpfs).

import os
import sys
import tempfile
from dotenv import set_key

# Pre-condition: /tmp must be on a different device than the target directory.
tmp_dev = os.stat("/tmp").st_dev
home_dev = os.stat(os.path.expanduser("~")).st_dev
assert tmp_dev != home_dev, "Skipped: /tmp and ~ are on the same device (no cross-device move)"

with tempfile.TemporaryDirectory(dir=os.path.expanduser("~")) as workdir:
    # File an attacker wants to overwrite
    target = os.path.join(workdir, "victim_config.txt")
    with open(target, "w") as f:
        f.write("DB_PASSWORD=supersecret\n")

    # Attacker pre-places a symlink at the path the application will use as .env
    env_symlink = os.path.join(workdir, ".env")
    os.symlink(target, env_symlink)

    before = open(target).read()

    # Application writes a new key -- triggers the cross-device fallback
    set_key(env_symlink, "INJECTED", "attacker_value")

    after = open(target).read()

    print("Before:", repr(before))
    print("After: ", repr(after))
    print("Symlink target overwritten:", target)

Expected output:

Before: 'DB_PASSWORD=supersecret\n'
After:  "DB_PASSWORD=supersecret\nINJECTED='attacker_value'\n"
Symlink target overwritten: /home/user/tmp806nut2g/victim_config.txt

Remediation

The fix changes the rewrite() context manager in the following ways:

  1. Symlinks are no longer followed by default. When the .env path is a symlink, rewrite() now resolves it to the real path before proceeding, or (by default) operates on the symlink entry itself rather than the target.
  2. A follow_symlinks: bool = False parameter is added to set_key() and unset_key() for users who explicitly need the old behavior.
  3. Temp files are written in the same directory as the target .env file (instead of the system temp directory), eliminating the cross-device rename condition entirely.
  4. os.replace() is used instead of shutil.move(), providing atomic replacement without symlink-following fallback behavior.

Users are advised to upgrade to the patched version as soon as it is available on PyPI.

Timeline

Date Event
2026-01-09 Initial report received from Giorgos Tsigourakos regarding a separate, unrelated issue also located in rewrite()
2026-01-10 Co-maintainer acknowledged report, requested clarification
2026-01-11 Initial report assessed as not exploitable and closed
2026-02-24 Reporter identified new, distinct cross-device symlink attack vector with deterministic exploitation
2026-02-26 Co-maintainer confirmed vulnerability and shared draft patch
2026-02-26 Reporter validated fix with monkeypatched PoC, proposed CVSS
2026-03-01 Patch merged to main
2026-03-01 Patched version released to PyPI
2026-04-20 Advisory published

Patches

Upgrade to v.1.2.2 or use the patch from https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311.patch

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "python-dotenv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-21T14:38:57Z",
    "nvd_published_at": "2026-04-20T17:16:33Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\n`set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered.\n\n\n### Details\n\nThe `rewrite()` context manager in `dotenv/main.py` is used by both `set_key()` and `unset_key()` to safely modify `.env` files. It works by writing to a temporary file (created in the system\u0027s default temp directory, typically `/tmp`) and then using `shutil.move()` to replace the original file.\n\nWhen the `.env` path is a symbolic link and the temp directory resides on a different filesystem than the target (a common configuration on Linux systems using tmpfs for `/tmp`), the following sequence occurs:\n\n1. `shutil.move()` first attempts `os.rename()`, which fails with an `OSError` because atomic renames cannot cross device boundaries.\n2. On failure, `shutil.move()` falls back to `shutil.copy2()` followed by `os.unlink()`.\n3. `shutil.copy2()` calls `shutil.copyfile()` with `follow_symlinks=True` by default.\n4. This causes the content to be written to the **symlink target** rather than replacing the symlink itself.\n\nAn attacker who has write access to the directory containing a `.env` file can pre-place a symlink pointing to any file that the application process has write access to. When the application (or a privileged process such as a deploy script, Docker entrypoint, or CI pipeline) calls `set_key()` or `unset_key()`, the symlink target is overwritten with the new `.env` content.\n\nThis vulnerability does not require a race condition and is fully deterministic once the preconditions are met.\n\n### Impact\nThe primary impacts are to **integrity** and **availability**:\n\n- **File overwrite / destruction (DoS):** An attacker can cause an application or privileged process to corrupt or destroy configuration files, database configs, or other sensitive files it would not normally have access to modify.\n- **Integrity violation:** The target file\u0027s original content is replaced with `.env`-formatted content controlled by the attacker.\n- **Potential privilege escalation:** In scenarios where a privileged process (running as root or a service account) calls `set_key()`, the attacker can leverage this to write to files beyond their own access level.\n\nThe scope of impact depends on the application using python-dotenv and the privileges under which it runs.\n\n\n### Proof of Concept\n\nThe following script demonstrates the vulnerability. It requires `/tmp` and the user\u0027s home directory to reside on different devices (common on systemd-based Linux systems with tmpfs).\n\n```python\nimport os\nimport sys\nimport tempfile\nfrom dotenv import set_key\n\n# Pre-condition: /tmp must be on a different device than the target directory.\ntmp_dev = os.stat(\"/tmp\").st_dev\nhome_dev = os.stat(os.path.expanduser(\"~\")).st_dev\nassert tmp_dev != home_dev, \"Skipped: /tmp and ~ are on the same device (no cross-device move)\"\n\nwith tempfile.TemporaryDirectory(dir=os.path.expanduser(\"~\")) as workdir:\n    # File an attacker wants to overwrite\n    target = os.path.join(workdir, \"victim_config.txt\")\n    with open(target, \"w\") as f:\n        f.write(\"DB_PASSWORD=supersecret\\n\")\n\n    # Attacker pre-places a symlink at the path the application will use as .env\n    env_symlink = os.path.join(workdir, \".env\")\n    os.symlink(target, env_symlink)\n\n    before = open(target).read()\n\n    # Application writes a new key -- triggers the cross-device fallback\n    set_key(env_symlink, \"INJECTED\", \"attacker_value\")\n\n    after = open(target).read()\n\n    print(\"Before:\", repr(before))\n    print(\"After: \", repr(after))\n    print(\"Symlink target overwritten:\", target)\n```\n\n**Expected output:**\n```\nBefore: \u0027DB_PASSWORD=supersecret\\n\u0027\nAfter:  \"DB_PASSWORD=supersecret\\nINJECTED=\u0027attacker_value\u0027\\n\"\nSymlink target overwritten: /home/user/tmp806nut2g/victim_config.txt\n```\n\n### Remediation\n\nThe fix changes the `rewrite()` context manager in the following ways:\n\n1. **Symlinks are no longer followed by default.** When the `.env` path is a symlink, `rewrite()` now resolves it to the real path before proceeding, or (by default) operates on the symlink entry itself rather than the target.\n2. **A `follow_symlinks: bool = False` parameter** is added to `set_key()` and `unset_key()` for users who explicitly need the old behavior.\n3. **Temp files are written in the same directory** as the target `.env` file (instead of the system temp directory), eliminating the cross-device rename condition entirely.\n4. **`os.replace()` is used instead of `shutil.move()`**, providing atomic replacement without symlink-following fallback behavior.\n\nUsers are advised to upgrade to the patched version as soon as it is available on PyPI.\n\n### Timeline\n\n| Date             | Event                                                                                                                                                                 |\n| ------------ | ---------------------------------------------------------------------------------------------------- |\n| 2026-01-09  | Initial report received from Giorgos Tsigourakos regarding a separate, unrelated issue also located in `rewrite()` |\n| 2026-01-10   | Co-maintainer acknowledged report, requested clarification                                                         |\n| 2026-01-11    | Initial report assessed as not exploitable and closed                                                              |\n| 2026-02-24  | Reporter identified new, distinct cross-device symlink attack vector with deterministic exploitation               |\n| 2026-02-26  | Co-maintainer confirmed vulnerability and shared draft patch                                                       |\n| 2026-02-26  | Reporter validated fix with monkeypatched PoC, proposed CVSS                                                       |\n| 2026-03-01   | Patch merged to main                                                                                               |\n| 2026-03-01   | Patched version released to PyPI                                                                                   |\n| 2026-04-20   | Advisory published                                                                                                 |\n\n### Patches\n\nUpgrade to v.1.2.2 or use the patch from https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311.patch",
  "id": "GHSA-mf9w-mj56-hr94",
  "modified": "2026-04-21T14:38:57Z",
  "published": "2026-04-21T14:38:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28684"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311.patch"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/theskumar/python-dotenv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback"
}

GHSA-MJ4Q-R4HV-QWVC

Vulnerability from github – Published: 2025-10-02 15:31 – Updated: 2025-10-02 15:31
VLAI
Details

A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-02T14:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.",
  "id": "GHSA-mj4q-r4hv-qwvc",
  "modified": "2025-10-02T15:31:16Z",
  "published": "2025-10-02T15:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53881"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53881"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-27: Leveraging Race Conditions via Symbolic Links

This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.