CWE-24
Path Traversal: '../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
CVE-2025-53513 (GCVE-0-2025-53513)
Vulnerability from cvelistv5 – Published: 2025-07-08 16:57 – Updated: 2025-07-09 14:00
VLAI
Title
Zip slip vulnerability in Juju
Summary
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
Severity
8.8 (High)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53513",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T14:00:06.132356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T14:00:10.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://juju.is/",
"defaultStatus": "unaffected",
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.9.52",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThan": "3.6.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A charm that exploits a Zip Slip vulnerability may be used to gain access to a machine running a unit that uses the affected charm."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T16:57:06.351Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8"
}
],
"source": {
"advisory": "https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8",
"discovery": "INTERNAL"
},
"title": "Zip slip vulnerability in Juju"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2025-53513",
"datePublished": "2025-07-08T16:57:06.351Z",
"dateReserved": "2025-07-02T08:52:42.037Z",
"dateUpdated": "2025-07-09T14:00:10.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54769 (GCVE-0-2025-54769)
Vulnerability from cvelistv5 – Published: 2025-07-28 23:34 – Updated: 2025-11-03 20:06
VLAI
Title
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
Summary
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Severity
8.8 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001… | third-party-advisory |
| https://lpar2rrd.com/note800.php | release-notes |
Date Public
2025-07-28 23:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54769",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:20:37.673761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:22:11.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:37.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "LPAR2RRD",
"vendor": "Xorux",
"versions": [
{
"status": "affected",
"version": "8.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability was discovered by Jim Becher of KoreLogic, Inc."
}
],
"datePublic": "2025-07-28T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker."
}
],
"value": "An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648 Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T23:34:38.972Z",
"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"shortName": "KoreLogic"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt"
},
{
"tags": [
"release-notes"
],
"url": "https://lpar2rrd.com/note800.php"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"assignerShortName": "KoreLogic",
"cveId": "CVE-2025-54769",
"datePublished": "2025-07-28T23:34:38.972Z",
"dateReserved": "2025-07-28T16:02:18.186Z",
"dateUpdated": "2025-11-03T20:06:37.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59049 (GCVE-0-2025-59049)
Vulnerability from cvelistv5 – Published: 2025-09-10 18:49 – Updated: 2025-09-10 19:19
VLAI
Title
Mockoon has a Path Traversal and LFI in the static file serving endpoint
Summary
Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server filesystem.
The issue may be particularly relevant in cloud hosted server instances. Version 9.2.0 fixes the issue.
Severity
7.5 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/mockoon/mockoon/security/advis… | x_refsource_CONFIRM |
| https://github.com/mockoon/mockoon/commit/c7f6e23… | x_refsource_MISC |
| https://github.com/mockoon/mockoon/blob/1ed31c405… | x_refsource_MISC |
| https://github.com/mockoon/mockoon/blob/1ed31c405… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59049",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:18:51.161952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:19:20.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mockoon",
"vendor": "mockoon",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server filesystem.\nThe issue may be particularly relevant in cloud hosted server instances. Version 9.2.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T18:49:06.060Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mockoon/mockoon/security/advisories/GHSA-w7f9-wqc4-3wxr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mockoon/mockoon/security/advisories/GHSA-w7f9-wqc4-3wxr"
},
{
"name": "https://github.com/mockoon/mockoon/commit/c7f6e23e87dc3b8cc44e5802af046200a797bd2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mockoon/mockoon/commit/c7f6e23e87dc3b8cc44e5802af046200a797bd2e"
},
{
"name": "https://github.com/mockoon/mockoon/blob/1ed31c4059d7f757f6cb2a43e10dc81b0d9c55a9/packages/commons-server/src/libs/server/server.ts#L1400",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mockoon/mockoon/blob/1ed31c4059d7f757f6cb2a43e10dc81b0d9c55a9/packages/commons-server/src/libs/server/server.ts#L1400"
},
{
"name": "https://github.com/mockoon/mockoon/blob/1ed31c4059d7f757f6cb2a43e10dc81b0d9c55a9/packages/commons-server/src/libs/server/server.ts#L1551",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mockoon/mockoon/blob/1ed31c4059d7f757f6cb2a43e10dc81b0d9c55a9/packages/commons-server/src/libs/server/server.ts#L1551"
}
],
"source": {
"advisory": "GHSA-w7f9-wqc4-3wxr",
"discovery": "UNKNOWN"
},
"title": "Mockoon has a Path Traversal and LFI in the static file serving endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59049",
"datePublished": "2025-09-10T18:49:06.060Z",
"dateReserved": "2025-09-08T16:19:26.172Z",
"dateUpdated": "2025-09-10T19:19:20.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59342 (GCVE-0-2025-59342)
Vulnerability from cvelistv5 – Published: 2025-09-17 17:59 – Updated: 2026-01-14 15:52
VLAI
Title
esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
Summary
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s storage base directory. As a result, supplying ../ sequences in X-Zone-Id causes files to be written to arbitrary directories. Version 136.1 contains a patch.
Severity
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/esm-dev/esm.sh/security/adviso… | x_refsource_CONFIRM |
| https://github.com/esm-dev/esm.sh/commit/833a29f4… | x_refsource_MISC |
| https://github.com/esm-dev/esm.sh/blob/main/serve… | x_refsource_MISC |
| https://github.com/esm-dev/esm.sh/blob/main/serve… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59342",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T18:19:55.260782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T18:20:28.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esm.sh",
"vendor": "esm-dev",
"versions": [
{
"status": "affected",
"version": "\u003c= 136"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application\u2019s storage base directory. As a result, supplying ../ sequences in X-Zone-Id causes files to be written to arbitrary directories. Version 136.1 contains a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T15:52:09.174Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/esm-dev/esm.sh/security/advisories/GHSA-g2h5-cvvr-7gmw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/esm-dev/esm.sh/security/advisories/GHSA-g2h5-cvvr-7gmw"
},
{
"name": "https://github.com/esm-dev/esm.sh/commit/833a29f42aeb0acbd7089a71be11dd0a292d3151",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/esm-dev/esm.sh/commit/833a29f42aeb0acbd7089a71be11dd0a292d3151"
},
{
"name": "https://github.com/esm-dev/esm.sh/blob/main/server/router.go#L116",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/esm-dev/esm.sh/blob/main/server/router.go#L116"
},
{
"name": "https://github.com/esm-dev/esm.sh/blob/main/server/router.go#L411",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/esm-dev/esm.sh/blob/main/server/router.go#L411"
}
],
"source": {
"advisory": "GHSA-g2h5-cvvr-7gmw",
"discovery": "UNKNOWN"
},
"title": "esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59342",
"datePublished": "2025-09-17T17:59:34.163Z",
"dateReserved": "2025-09-12T12:36:24.636Z",
"dateUpdated": "2026-01-14T15:52:09.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60344 (GCVE-0-2025-60344)
Vulnerability from cvelistv5 – Published: 2025-10-21 00:00 – Updated: 2026-02-27 17:17
VLAI
Summary
A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as “../”). Successful exploitation may allow access to files outside of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.
Severity
8.6 (High)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60344",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T20:18:40.408500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T20:22:10.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DSR-150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.09B32_WW"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as \u201c../\u201d). Successful exploitation may allow access to files outside of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T17:17:53.807Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/"
},
{
"url": "https://github.com/fyoozr/vulnerability-research/tree/main/CVE-2025-60344"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-60344",
"datePublished": "2025-10-21T00:00:00.000Z",
"dateReserved": "2025-09-26T00:00:00.000Z",
"dateUpdated": "2026-02-27T17:17:53.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67845 (GCVE-0-2025-67845)
Vulnerability from cvelistv5 – Published: 2025-12-19 00:00 – Updated: 2025-12-19 15:12 Exclusively Hosted Service
VLAI
Summary
A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.
Severity
6.4 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mintlify | Mintlify Platform |
Affected:
0 , < 2025-11-15
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67845",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:08:35.298490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:08:44.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mintlify Platform",
"vendor": "Mintlify",
"versions": [
{
"lessThan": "2025-11-15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:12:10.615Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mintlify.com/docs/changelog"
},
{
"url": "https://www.mintlify.com/blog/working-with-security-researchers-november-2025"
},
{
"url": "https://kibty.town/blog/mintlify/"
},
{
"url": "https://news.ycombinator.com/item?id=46317098"
},
{
"url": "https://heartbreak.ing/"
}
],
"tags": [
"exclusively-hosted-service"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67845",
"datePublished": "2025-12-19T00:00:00.000Z",
"dateReserved": "2025-12-12T00:00:00.000Z",
"dateUpdated": "2025-12-19T15:12:10.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68430 (GCVE-0-2025-68430)
Vulnerability from cvelistv5 – Published: 2025-12-19 17:11 – Updated: 2025-12-19 17:59
VLAI
Title
CVAT vulnerable to directory traversal via mounted share listing
Summary
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of contained files and subdirectories. The contents of files are not accessible. Version 2.53.0 contains a patch. No known workarounds are available.
Severity
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cvat-ai/cvat/security/advisori… | x_refsource_CONFIRM |
| https://github.com/cvat-ai/cvat/commit/2c24ef0c3f… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:23:11.103119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:59:36.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.8.1, \u003c 2.53.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of contained files and subdirectories. The contents of files are not accessible. Version 2.53.0 contains a patch. No known workarounds are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:11:46.949Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-3g7v-xjh7-xmqx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-3g7v-xjh7-xmqx"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/2c24ef0c3f8fd94f6c71cff4eafcf11bfcaa5f91",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/2c24ef0c3f8fd94f6c71cff4eafcf11bfcaa5f91"
}
],
"source": {
"advisory": "GHSA-3g7v-xjh7-xmqx",
"discovery": "UNKNOWN"
},
"title": "CVAT vulnerable to directory traversal via mounted share listing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68430",
"datePublished": "2025-12-19T17:11:46.949Z",
"dateReserved": "2025-12-17T15:29:39.379Z",
"dateUpdated": "2025-12-19T17:59:36.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21436 (GCVE-0-2026-21436)
Vulnerability from cvelistv5 – Published: 2026-01-01 18:03 – Updated: 2026-01-02 18:52
VLAI
Title
eopkg has Path Traversal: '../filedir' vulnerability
Summary
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given by `--destdir`, but on a different location on the host. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.
Severity
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/getsolus/eopkg/security/adviso… | x_refsource_CONFIRM |
| https://github.com/getsolus/eopkg/pull/201 | x_refsource_MISC |
| https://github.com/getsolus/eopkg/commit/e7694323… | x_refsource_MISC |
| https://github.com/getsolus/eopkg/releases/tag/v4.4.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T18:52:38.059266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T18:52:58.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "eopkg",
"vendor": "getsolus",
"versions": [
{
"status": "affected",
"version": "\u003c 4.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given by `--destdir`, but on a different location on the host. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-01T18:03:17.320Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getsolus/eopkg/security/advisories/GHSA-786v-47cq-qm6m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getsolus/eopkg/security/advisories/GHSA-786v-47cq-qm6m"
},
{
"name": "https://github.com/getsolus/eopkg/pull/201",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getsolus/eopkg/pull/201"
},
{
"name": "https://github.com/getsolus/eopkg/commit/e7694323ed64e08b5b4b108fff273c64125cd39d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getsolus/eopkg/commit/e7694323ed64e08b5b4b108fff273c64125cd39d"
},
{
"name": "https://github.com/getsolus/eopkg/releases/tag/v4.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getsolus/eopkg/releases/tag/v4.4.0"
}
],
"source": {
"advisory": "GHSA-786v-47cq-qm6m",
"discovery": "UNKNOWN"
},
"title": "eopkg has Path Traversal: \u0027../filedir\u0027 vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21436",
"datePublished": "2026-01-01T18:03:17.320Z",
"dateReserved": "2025-12-29T03:00:29.275Z",
"dateUpdated": "2026-01-02T18:52:58.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21857 (GCVE-0-2026-21857)
Vulnerability from cvelistv5 – Published: 2026-01-07 22:32 – Updated: 2026-01-08 18:17
VLAI
Title
Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
Summary
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.
Severity
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/redaxo/redaxo/security/advisor… | x_refsource_CONFIRM |
| https://github.com/redaxo/redaxo/releases/tag/5.20.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21857",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T15:09:21.125268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:17:35.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redaxo",
"vendor": "redaxo",
"versions": [
{
"status": "affected",
"version": "\u003c 5.20.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon\u0027s file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T22:32:35.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv"
},
{
"name": "https://github.com/redaxo/redaxo/releases/tag/5.20.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redaxo/redaxo/releases/tag/5.20.2"
}
],
"source": {
"advisory": "GHSA-824x-88xg-cwrv",
"discovery": "UNKNOWN"
},
"title": "Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21857",
"datePublished": "2026-01-07T22:32:15.859Z",
"dateReserved": "2026-01-05T16:44:16.367Z",
"dateUpdated": "2026-01-08T18:17:35.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22810 (GCVE-0-2026-22810)
Vulnerability from cvelistv5 – Published: 2026-05-18 20:23 – Updated: 2026-05-20 03:55
VLAI
Title
Joplin: Path traversal in OneNote importer allows overwriting arbitrary files
Summary
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7.
Severity
8.2 (High)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/laurent22/joplin/security/advi… | x_refsource_CONFIRM |
| https://github.com/laurent22/joplin/pull/13736 | x_refsource_MISC |
| https://github.com/laurent22/joplin/commit/791668… | x_refsource_MISC |
| https://github.com/laurent22/joplin/blob/af5108d7… | x_refsource_MISC |
| https://github.com/laurent22/joplin/releases/tag/v3.5.7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T03:55:23.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joplin",
"vendor": "laurent22",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it\u0027s possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T20:23:57.607Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-gcmj-c9gg-9vh6"
},
{
"name": "https://github.com/laurent22/joplin/pull/13736",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/pull/13736"
},
{
"name": "https://github.com/laurent22/joplin/commit/791668455e1aae50501ff57ea4783b3fba9d377c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/commit/791668455e1aae50501ff57ea4783b3fba9d377c"
},
{
"name": "https://github.com/laurent22/joplin/blob/af5108d70233b1db9410346958c1587cf7c1b16d/packages/onenote-converter/renderer/src/page/embedded_file.rs#L13-L16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/blob/af5108d70233b1db9410346958c1587cf7c1b16d/packages/onenote-converter/renderer/src/page/embedded_file.rs#L13-L16"
},
{
"name": "https://github.com/laurent22/joplin/releases/tag/v3.5.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/laurent22/joplin/releases/tag/v3.5.7"
}
],
"source": {
"advisory": "GHSA-gcmj-c9gg-9vh6",
"discovery": "UNKNOWN"
},
"title": "Joplin: Path traversal in OneNote importer allows overwriting arbitrary files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22810",
"datePublished": "2026-05-18T20:23:57.607Z",
"dateReserved": "2026-01-09T22:50:10.288Z",
"dateUpdated": "2026-05-20T03:55:23.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.