Common Weakness Enumeration

CWE-35

Allowed

Path Traversal: '.../...//'

Abstraction: Variant · Status: Incomplete

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

334 vulnerabilities reference this CWE, most recent first.

GHSA-3X3C-PJW5-PJR2

Vulnerability from github – Published: 2023-12-01 00:31 – Updated: 2023-12-01 00:31
VLAI
Details

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-30T22:15:08Z",
    "severity": "HIGH"
  },
  "details": "In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.",
  "id": "GHSA-3x3c-pjw5-pjr2",
  "modified": "2023-12-01T00:31:00Z",
  "published": "2023-12-01T00:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46690"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4586-432G-JMVG

Vulnerability from github – Published: 2026-02-17 21:31 – Updated: 2026-03-11 18:30
VLAI
Details

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59793"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T19:21:54Z",
    "severity": "CRITICAL"
  },
  "details": "Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn\u0027t properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.",
  "id": "GHSA-4586-432g-jmvg",
  "modified": "2026-03-11T18:30:25Z",
  "published": "2026-02-17T21:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59793"
    },
    {
      "type": "WEB",
      "url": "https://www.rcesecurity.com"
    },
    {
      "type": "WEB",
      "url": "https://www.rcesecurity.com/advisories/cve-2025-59793"
    },
    {
      "type": "WEB",
      "url": "https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion"
    },
    {
      "type": "WEB",
      "url": "https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-485R-PHMQ-84VW

Vulnerability from github – Published: 2025-04-17 00:30 – Updated: 2025-04-17 00:30
VLAI
Details

Overview

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35)

Description

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service.

Impact

This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T23:15:45Z",
    "severity": "MODERATE"
  },
  "details": "Overview \n\n\n\n\u00a0\n\n\n\nThe product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \u0027.../...//\u0027 (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) \n\n\n\n\u00a0\n\n\n\nDescription \n\n\n\n\u00a0\n\n\n\nHitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service. \n\n\n\n\u00a0\n\n\n\nImpact \n\n\n\n\u00a0\n\n\n\nThis allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.",
  "id": "GHSA-485r-phmq-84vw",
  "modified": "2025-04-17T00:30:26Z",
  "published": "2025-04-17T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24908"
    },
    {
      "type": "WEB",
      "url": "https://support.pentaho.com/hc/en-us/articles/35783399569421--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Path-Traversal-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-24908"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4CCX-55GP-X5QQ

Vulnerability from github – Published: 2024-11-19 00:32 – Updated: 2026-04-01 18:32
VLAI
Details

: Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T22:15:08Z",
    "severity": "MODERATE"
  },
  "details": ": Path Traversal: \u0027.../...//\u0027 vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.",
  "id": "GHSA-4ccx-55gp-x5qq",
  "modified": "2026-04-01T18:32:26Z",
  "published": "2024-11-19T00:32:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52390"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/cyan-backup/vulnerability/wordpress-cyan-backup-plugin-2-5-3-arbitrary-file-download-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/cyan-backup/wordpress-cyan-backup-plugin-2-5-3-arbitrary-file-download-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4CH2-HCMC-WJW8

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-52703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:17:24Z",
    "severity": "CRITICAL"
  },
  "details": "Unauthenticated Path Traversal in FastDup \u003c= 2.7.2 versions.",
  "id": "GHSA-4ch2-hcmc-wjw8",
  "modified": "2026-06-15T21:30:50Z",
  "published": "2026-06-15T21:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52703"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/fastdup/vulnerability/wordpress-fastdup-plugin-2-7-2-path-traversal-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4GH8-CR63-898J

Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31
VLAI
Details

Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-06T16:16:00Z",
    "severity": "HIGH"
  },
  "details": "Path Traversal: \u0027.../...//\u0027 vulnerability in Dmitry V. (CEO of \"UKR Solution\") Barcode Scanner with Inventory \u0026 Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory \u0026 Order Manager: from n/a through \u003c= 1.10.4.",
  "id": "GHSA-4gh8-cr63-898j",
  "modified": "2026-01-20T15:31:49Z",
  "published": "2025-11-06T18:32:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58972"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-10-4-path-traversal-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-10-4-path-traversal-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-10-4-path-traversal-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4HJ9-78FP-PPFG

Vulnerability from github – Published: 2025-08-30 03:30 – Updated: 2025-08-30 03:30
VLAI
Details

Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-30T02:15:32Z",
    "severity": "MODERATE"
  },
  "details": "Path Traversal: \u0027.../...//\u0027 vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.",
  "id": "GHSA-4hj9-78fp-ppfg",
  "modified": "2025-08-30T03:30:25Z",
  "published": "2025-08-30T03:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4956"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/theme/pro-watermark/vulnerability/wordpress-pro-bulk-watermark-plugin-for-wordpress-theme-2-0-path-traversal-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MRC-W7JH-HX4J

Vulnerability from github – Published: 2024-08-23 21:30 – Updated: 2024-08-23 22:51
VLAI
Summary
Mage AI Path Traversal vulnerability
Details

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mage-ai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.9.73"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-23T22:51:35Z",
    "nvd_published_at": "2024-08-23T20:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Mage AI allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server due to a path traversal in the \"Pipeline Interaction\" request",
  "id": "GHSA-4mrc-w7jh-hx4j",
  "modified": "2024-08-23T22:51:35Z",
  "published": "2024-08-23T21:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45190"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mage-ai/mage-ai"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/mage-ai-pipeline-interaction-request-remote-arbitrary-file-leak-jfsa-2024-001039605"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Mage AI Path Traversal vulnerability"
}

GHSA-4MV3-RXRJ-2GHR

Vulnerability from github – Published: 2025-09-10 18:30 – Updated: 2025-09-10 18:30
VLAI
Details

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-10T16:15:37Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: \u0027.../...//\u0027 vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.",
  "id": "GHSA-4mv3-rxrj-2ghr",
  "modified": "2025-09-10T18:30:15Z",
  "published": "2025-09-10T18:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43886"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000367456/dsa-2025-326-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52C6-VX83-RC69

Vulnerability from github – Published: 2025-02-04 09:31 – Updated: 2025-02-05 18:34
VLAI
Details

Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-04T08:15:32Z",
    "severity": "HIGH"
  },
  "details": "Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.",
  "id": "GHSA-52c6-vx83-rc69",
  "modified": "2025-02-05T18:34:44Z",
  "published": "2025-02-04T09:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22205"
    },
    {
      "type": "WEB",
      "url": "http://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-gallery"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, the ".../...//" manipulation is useful for bypassing some path traversal protection schemes. If "../" sequences are removed from the ".../...//" string in a sequential fashion (as some regular expression engines and other algorithms operate) the string can collapse into the unsafe "../" value (CWE-182). Removing the first "../" yields "....//" and the second removal yields "../".
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.