CWE-426
Allowed-with-ReviewUntrusted Search Path
Abstraction: Base · Status: Stable
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
892 vulnerabilities reference this CWE, most recent first.
CVE-2021-31841 (GCVE-0-2021-31841)
Vulnerability from cvelistv5 – Published: 2021-09-22 13:25 – Updated: 2024-08-03 23:10| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee,LLC | McAfee Agent for Windows |
Affected:
unspecified , < 5.7.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10369"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "McAfee Agent for Windows",
"vendor": "McAfee,LLC",
"versions": [
{
"lessThan": "5.7.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-22T13:25:11.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10369"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DLL side loading vulnerability in MA for Windows",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2021-31841",
"STATE": "PUBLIC",
"TITLE": "DLL side loading vulnerability in MA for Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent for Windows",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "5.7.4"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10369",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10369"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2021-31841",
"datePublished": "2021-09-22T13:25:11.000Z",
"dateReserved": "2021-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:10:30.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26738 (GCVE-0-2021-26738)
Vulnerability from cvelistv5 – Published: 2023-10-23 13:24 – Updated: 2025-02-27 20:40- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | |
|---|---|---|---|
| Zscaler | Client Connector |
Affected:
0 , < 3.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS\u0026applicable_version=3.7\u0026deployment_date=2022-08-19\u0026id=1414851"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:27.775796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:40:03.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Client Connector",
"vendor": "Zscaler",
"versions": [
{
"lessThan": "3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Deutsche Bank Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.\n\n\u003cbr\u003e"
}
],
"value": "Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T13:24:49.584Z",
"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"shortName": "Zscaler"
},
"references": [
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS\u0026applicable_version=3.7\u0026deployment_date=2022-08-19\u0026id=1414851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation for ZCC macOS via PATH Variable",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"assignerShortName": "Zscaler",
"cveId": "CVE-2021-26738",
"datePublished": "2023-10-23T13:24:49.584Z",
"dateReserved": "2021-02-05T20:34:27.824Z",
"dateUpdated": "2025-02-27T20:40:03.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25699 (GCVE-0-2021-25699)
Vulnerability from cvelistv5 – Published: 2021-07-21 12:26 – Updated: 2024-08-03 20:11- CWE-426 - Untrusted Search Path (CWE-426)
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/102/ | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:26:47.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/102/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/102/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25699",
"datePublished": "2021-07-21T12:26:47.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25698 (GCVE-0-2021-25698)
Vulnerability from cvelistv5 – Published: 2021-07-21 12:26 – Updated: 2024-08-03 20:11- CWE-426 - Untrusted Search Path (CWE-426)
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/102/ | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:26:55.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/102/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/102/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25698",
"datePublished": "2021-07-21T12:26:55.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21562 (GCVE-0-2021-21562)
Vulnerability from cvelistv5 – Published: 2021-08-02 23:45 – Updated: 2024-09-17 01:25- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/000188148 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
8.1.2, 8.1.3, 9.1.0.x, 9.0.0.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:23.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000188148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "8.1.2, 8.1.3, 9.1.0.x, 9.0.0.x"
}
]
}
],
"datePublic": "2021-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application\u2019s direct control."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T23:45:16.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000188148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-06-09",
"ID": "CVE-2021-21562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.1.2, 8.1.3, 9.1.0.x, 9.0.0.x"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application\u2019s direct control."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000188148",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000188148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21562",
"datePublished": "2021-08-02T23:45:16.289Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:25:32.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21237 (GCVE-0-2021-21237)
Vulnerability from cvelistv5 – Published: 2021-01-15 17:36 – Updated: 2024-08-03 18:09- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://github.com/git-lfs/git-lfs/security/advis… | x_refsource_CONFIRM |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | x_refsource_MISC |
| https://github.com/git-lfs/git-lfs/releases/tag/v2.13.2 | x_refsource_MISC |
| https://github.com/git-lfs/git-lfs/commit/fc66469… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-lfs/git-lfs/releases/tag/v2.13.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "git-lfs",
"vendor": "git-lfs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:36:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-lfs/git-lfs/releases/tag/v2.13.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a"
}
],
"source": {
"advisory": "GHSA-cx3w-xqmc-84g5",
"discovery": "UNKNOWN"
},
"title": "Git LFS can execute a Git binary from the current directory on Windows",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21237",
"STATE": "PUBLIC",
"TITLE": "Git LFS can execute a Git binary from the current directory on Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "git-lfs",
"version": {
"version_data": [
{
"version_value": "\u003c 2.13.2"
}
]
}
}
]
},
"vendor_name": "git-lfs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5",
"refsource": "CONFIRM",
"url": "https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27955",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27955"
},
{
"name": "https://github.com/git-lfs/git-lfs/releases/tag/v2.13.2",
"refsource": "MISC",
"url": "https://github.com/git-lfs/git-lfs/releases/tag/v2.13.2"
},
{
"name": "https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a",
"refsource": "MISC",
"url": "https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a"
}
]
},
"source": {
"advisory": "GHSA-cx3w-xqmc-84g5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21237",
"datePublished": "2021-01-15T17:36:09.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:09:15.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21078 (GCVE-0-2021-21078)
Vulnerability from cvelistv5 – Published: 2021-03-12 18:16 – Updated: 2025-04-23 19:42- CWE-426 - Untrusted Search Path (CWE-426)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/creativ… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Creative Cloud (desktop component) |
Affected:
unspecified , ≤ 5.3
(custom)
Affected: unspecified , ≤ None (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:13.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:19:32.497012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:42:41.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Creative Cloud (desktop component)",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T18:16:48.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Creative Cloud Unquoted Service Path in CCXProcess",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-03-09T23:00:00.000Z",
"ID": "CVE-2021-21078",
"STATE": "PUBLIC",
"TITLE": "Adobe Creative Cloud Unquoted Service Path in CCXProcess"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Creative Cloud (desktop component)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21078",
"datePublished": "2021-03-12T18:16:48.444Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:42:41.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21055 (GCVE-0-2021-21055)
Vulnerability from cvelistv5 – Published: 2021-02-11 20:12 – Updated: 2025-04-23 19:45- CWE-426 - Untrusted Search Path (CWE-426)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/dreamwe… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Dreamweaver |
Affected:
unspecified , ≤ 21.0
(custom)
Affected: unspecified , ≤ 20.2 (custom) Affected: unspecified , ≤ None (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:13.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:03.510204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:45:26.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dreamweaver",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "21.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "20.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T20:12:37.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
"ID": "CVE-2021-21055",
"STATE": "PUBLIC",
"TITLE": "Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dreamweaver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "21.0"
},
{
"version_affected": "\u003c=",
"version_value": "20.2"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Physical",
"availabilityImpact": "High",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21055",
"datePublished": "2021-02-11T20:12:37.844Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:45:26.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4435 (GCVE-0-2021-4435)
Vulnerability from cvelistv5 – Published: 2024-02-04 19:16 – Updated: 2025-06-17 14:29- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2021-4435 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262284 | issue-trackingx_refsource_REDHAT |
| https://github.com/yarnpkg/yarn/commit/67fcce8893… | |
| https://github.com/yarnpkg/yarn/releases/tag/v1.22.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4435"
},
{
"name": "RHBZ#2262284",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:29:04.160012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:29:17.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "yarn",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "1.22.13"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "yarnpkg",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "yarnpkg",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Paul Gerste (Sonar) for reporting this issue."
}
],
"datePublic": "2021-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T19:16:35.651Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4435"
},
{
"name": "RHBZ#2262284",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284"
},
{
"url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1"
},
{
"url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-23T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2021-09-20T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Yarn: untrusted search path",
"x_redhatCweChain": "CWE-426: Untrusted Search Path"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2021-4435",
"datePublished": "2024-02-04T19:16:35.651Z",
"dateReserved": "2024-02-01T14:23:02.896Z",
"dateUpdated": "2025-06-17T14:29:17.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10733 (GCVE-0-2020-10733)
Vulnerability from cvelistv5 – Published: 2020-09-16 14:55 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| https://www.postgresql.org/support/security/11/ | x_refsource_MISC |
| https://www.postgresql.org/about/news/2038/ | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2020100… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PostgreSQL |
Affected:
9.5, 9.6, 10, 11, 12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.postgresql.org/support/security/11/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.postgresql.org/about/news/2038/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201001-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.5, 9.6, 10, 11, 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer\u0027s administrative rights."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T13:06:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.postgresql.org/support/security/11/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.postgresql.org/about/news/2038/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201001-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "9.5, 9.6, 10, 11, 12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer\u0027s administrative rights."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.postgresql.org/support/security/11/",
"refsource": "MISC",
"url": "https://www.postgresql.org/support/security/11/"
},
{
"name": "https://www.postgresql.org/about/news/2038/",
"refsource": "MISC",
"url": "https://www.postgresql.org/about/news/2038/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201001-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201001-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10733",
"datePublished": "2020-09-16T14:55:56.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Attack Surface Reduction
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Mitigation
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Mitigation
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Mitigation
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Mitigation
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.