CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1985 vulnerabilities reference this CWE, most recent first.
GHSA-WMW3-MPR6-R79J
Vulnerability from github – Published: 2023-08-04 18:30 – Updated: 2024-04-04 06:34An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
{
"affected": [],
"aliases": [
"CVE-2023-39107"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-04T18:15:16Z",
"severity": "CRITICAL"
},
"details": "An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.",
"id": "GHSA-wmw3-mpr6-r79j",
"modified": "2024-04-04T06:34:06Z",
"published": "2023-08-04T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39107"
},
{
"type": "WEB",
"url": "https://kb.nomachine.com/SU07U00247"
},
{
"type": "WEB",
"url": "https://kb.nomachine.com/TR07U10948"
},
{
"type": "WEB",
"url": "https://www.ns-echo.com/posts/nomachine_afo.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WP35-336H-G4RC
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-22 18:30NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
{
"affected": [],
"aliases": [
"CVE-2022-42292"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.",
"id": "GHSA-wp35-336h-g4rc",
"modified": "2023-02-22T18:30:34Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42292"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WP3X-6766-QRC3
Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2022-05-17 04:52The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
{
"affected": [],
"aliases": [
"CVE-2014-0027"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-26T01:55:00Z",
"severity": "LOW"
},
"details": "The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.",
"id": "GHSA-wp3x-6766-qrc3",
"modified": "2022-05-17T04:52:25Z",
"published": "2022-05-17T04:52:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0027"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048678"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2014/q1/59"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:032"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/101948"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/64791"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WP4J-MQ44-XX7X
Vulnerability from github – Published: 2022-04-30 18:23 – Updated: 2022-04-30 18:23cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
{
"affected": [],
"aliases": [
"CVE-2002-2382"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-12-31T05:00:00Z",
"severity": "HIGH"
},
"details": "cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.",
"id": "GHSA-wp4j-mq44-xx7x",
"modified": "2022-04-30T18:23:04Z",
"published": "2022-04-30T18:23:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2382"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/freebsd/2002-11/0011.html"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/10610.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/6150"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WP5J-PPW9-22MW
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2025-10-22 00:31An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
{
"affected": [],
"aliases": [
"CVE-2019-1253"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-11T22:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.",
"id": "GHSA-wp5j-ppw9-22mw",
"modified": "2025-10-22T00:31:43Z",
"published": "2022-05-24T16:56:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1253"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1253"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WP87-GW3H-3HX6
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 00:31Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve symlink targets without enforcing that the final path remains within the workspace, to read external host files accessible to the server process and disclose sensitive data such as SSH keys, cloud credentials, or application tokens.
{
"affected": [],
"aliases": [
"CVE-2026-11322"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T22:16:52Z",
"severity": "HIGH"
},
"details": "Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve symlink targets without enforcing that the final path remains within the workspace, to read external host files accessible to the server process and disclose sensitive data such as SSH keys, cloud credentials, or application tokens.",
"id": "GHSA-wp87-gw3h-3hx6",
"modified": "2026-06-05T00:31:36Z",
"published": "2026-06-05T00:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11322"
},
{
"type": "WEB",
"url": "https://github.com/nesquena/hermes-webui/pull/3398"
},
{
"type": "WEB",
"url": "https://github.com/nesquena/hermes-webui/commit/7c48c376299b8058fd35127a59aefadded7e4a92"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/hermes-webui-before-path-traversal-via-symlink-workspace-bypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WP9G-5PP9-HXCM
Vulnerability from github – Published: 2022-05-17 01:46 – Updated: 2022-05-17 01:46The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
{
"affected": [],
"aliases": [
"CVE-2012-2103"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-26T21:55:00Z",
"severity": "LOW"
},
"details": "The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.",
"id": "GHSA-wp9g-5pp9-hxcm",
"modified": "2022-05-17T01:46:41Z",
"published": "2022-05-17T01:46:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2103"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74884"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48859"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51218"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/53031"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1622-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WPCR-QWQ5-J6W2
Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2025-11-04 00:31This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
{
"affected": [],
"aliases": [
"CVE-2024-44258"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T21:15:07Z",
"severity": "HIGH"
},
"details": "This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.",
"id": "GHSA-wpcr-qwq5-j6w2",
"modified": "2025-11-04T00:31:50Z",
"published": "2024-10-28T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44258"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121563"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121566"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121567"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121569"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/10"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/15"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/16"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPF6-XQRG-67F3
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2024-04-04 03:03A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.
{
"affected": [],
"aliases": [
"CVE-2020-3237"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-03T18:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.",
"id": "GHSA-wpf6-xqrg-67f3",
"modified": "2024-04-04T03:03:08Z",
"published": "2022-05-24T17:19:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3237"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-file-mVnPqKW9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WPFP-CM49-9M9Q
Vulnerability from github – Published: 2025-01-21 18:31 – Updated: 2025-12-17 00:26Summary
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3.
Background
HashiCorp’s go-slug shared library offers functions for packing and unpacking Terraform Enterprise compatible slugs. Slugs are gzip compressed tar files containing Terraform configuration files.
Details
When go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path traversal, allowing an attacker to write an arbitrary file during extraction.
Remediation
Consumers of the go-slug shared library should evaluate the risk associated with this issue in the context of their go-slug usage and upgrade go-slug to 0.16.3 or later.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/go-slug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-0377"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-21T20:27:08Z",
"nvd_published_at": "2025-01-21T16:15:14Z",
"severity": "HIGH"
},
"details": "## Summary\nHashiCorp\u2019s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3.\n\n## Background\nHashiCorp\u2019s go-slug shared library offers functions for packing and unpacking Terraform Enterprise compatible slugs. Slugs are gzip compressed tar files containing Terraform configuration files.\n\n## Details\nWhen go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path traversal, allowing an attacker to write an arbitrary file during extraction.\n\n## Remediation\nConsumers of the go-slug shared library should evaluate the risk associated with this issue in the context of their go-slug usage and upgrade go-slug to 0.16.3 or later.",
"id": "GHSA-wpfp-cm49-9m9q",
"modified": "2025-12-17T00:26:23Z",
"published": "2025-01-21T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0377"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2025-01-hashicorp-go-slug-vulnerable-to-zip-slip-attack"
},
{
"type": "PACKAGE",
"url": "github.com/hashicorp/go-slug"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "HashiCorp go-slug Vulnerable to Zip Slip Attack"
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.