CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-GHCJ-8X3X-3W77
Vulnerability from github – Published: 2022-12-20 18:30 – Updated: 2022-12-20 18:30In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025
{
"affected": [],
"aliases": [
"CVE-2022-20199"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-16T16:15:00Z",
"severity": "MODERATE"
},
"details": "In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025",
"id": "GHSA-ghcj-8x3x-3w77",
"modified": "2022-12-20T18:30:18Z",
"published": "2022-12-20T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20199"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GHWH-V2P7-36X4
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-02-18 00:00In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603
{
"affected": [],
"aliases": [
"CVE-2021-39668"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T18:15:00Z",
"severity": "HIGH"
},
"details": "In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603",
"id": "GHSA-ghwh-v2p7-36x4",
"modified": "2022-02-18T00:00:42Z",
"published": "2022-02-12T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39668"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-02-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GPPC-GCQ3-8W5M
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-05-24 16:57In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77821568
{
"affected": [],
"aliases": [
"CVE-2019-9438"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T19:15:00Z",
"severity": "LOW"
},
"details": "In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77821568",
"id": "GHSA-gppc-gcq3-8w5m",
"modified": "2022-05-24T16:57:27Z",
"published": "2022-05-24T16:57:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9438"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-10"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GQRQ-J6PM-98C2
Vulnerability from github – Published: 2023-12-14 15:30 – Updated: 2026-04-15 16:08Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting as CSV.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "h2o"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.46.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6569"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-15T03:12:43Z",
"nvd_published_at": "2023-12-14T13:15:55Z",
"severity": "CRITICAL"
},
"details": "Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with \"C1\", if they\u0027re exporting as CSV.",
"id": "GHSA-gqrq-j6pm-98c2",
"modified": "2026-04-15T16:08:45Z",
"published": "2023-12-14T15:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6569"
},
{
"type": "WEB",
"url": "https://github.com/h2oai/h2o-3/commit/e8884f5187eb81311877c5f0dd4d6d9c70f33d78"
},
{
"type": "PACKAGE",
"url": "https://github.com/h2oai/h2o-3"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/a5d003dc-c23e-4c98-8dcf-35ba9252fa3c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "External Control of File Name or Path in h2oai/h2o-3"
}
GHSA-GV4W-CVG2-4G88
Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-28 18:30In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121
{
"affected": [],
"aliases": [
"CVE-2023-20964"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "HIGH"
},
"details": "In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121",
"id": "GHSA-gv4w-cvg2-4g88",
"modified": "2023-03-28T18:30:28Z",
"published": "2023-03-24T21:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20964"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GW5F-7FQH-PVM6
Vulnerability from github – Published: 2026-02-16 06:31 – Updated: 2026-02-16 06:31A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2536"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-16T06:16:22Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-gw5f-7fqh-pvm6",
"modified": "2026-02-16T06:31:29Z",
"published": "2026-02-16T06:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2536"
},
{
"type": "WEB",
"url": "https://gitee.com/opencc/JFlow"
},
{
"type": "WEB",
"url": "https://gitee.com/opencc/JFlow/issues/IDN7GT"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346124"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346124"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.748807"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.748808"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H4PP-X3CC-F8MV
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.
{
"affected": [],
"aliases": [
"CVE-2022-42732"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-17T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in syngo Dynamics (All versions \u003c VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website\u2019s application pool.",
"id": "GHSA-h4pp-x3cc-f8mv",
"modified": "2024-04-04T05:30:19Z",
"published": "2023-07-06T19:24:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42732"
},
{
"type": "WEB",
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H672-VWJQ-P787
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673
{
"affected": [],
"aliases": [
"CVE-2021-0550"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-22T12:15:00Z",
"severity": "HIGH"
},
"details": "In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673",
"id": "GHSA-h672-vwjq-p787",
"modified": "2022-05-24T19:05:53Z",
"published": "2022-05-24T19:05:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0550"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HCQG-8F35-JW4G
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-47643"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:36Z",
"severity": "CRITICAL"
},
"details": "External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-hcqg-8f35-jw4g",
"modified": "2026-06-09T18:30:55Z",
"published": "2026-06-09T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47643"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47643"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HG58-RF2H-6RR7
Vulnerability from github – Published: 2024-06-28 14:33 – Updated: 2024-07-05 21:31Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7
Summary
An issue was identified for nodes syncing on an existing network during blocksync in which a malicious peer could cause the syncing peer to panic, enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. It is recommended for all clients to adopt this patch so that blocksync functions as expected and is tolerant of malicious peers presenting invalid data in this situation. Nodes that are vulnerable to this state may experience a Denial of Service condition in which syncing will not work as expected when joining a network as a client.
Recognition
This issue was reported to the Cosmos Bug Bounty Program on HackerOne on 5/01/24 by unknown_feature. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.
If you have questions about Interchain security efforts, please reach out to our official communication channel at security@interchain.io.
For more information about CometBFT, please see https://docs.cometbft.com/.
For more information about the Interchain Foundation’s engagement with Amulet, please see https://github.com/interchainio/security.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cometbft/cometbft"
},
"ranges": [
{
"events": [
{
"introduced": "0.37.0"
},
{
"fixed": "0.37.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cometbft/cometbft"
},
"ranges": [
{
"events": [
{
"introduced": "0.38.0"
},
{
"fixed": "0.38.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-28T14:33:33Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "**Name**: ASA-2024-008: Instability during blocksync when syncing from malicious peer\n**Component**: CometBFT\n**Criticality**: Medium ([ACMv1](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Moderate; L: Possible)\n**Affected versions**: \u003c v0.38.7 \n\n# Summary\n\nAn issue was identified for nodes syncing on an existing network during blocksync in which a malicious peer could cause the syncing peer to panic, enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. It is recommended for all clients to adopt this patch so that blocksync functions as expected and is tolerant of malicious peers presenting invalid data in this situation. Nodes that are vulnerable to this state may experience a Denial of Service condition in which syncing will not work as expected when joining a network as a client.\n\n# Recognition\n\nThis issue was reported to the Cosmos Bug Bounty Program on HackerOne on 5/01/24 by unknown_feature. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n\nIf you have questions about Interchain security efforts, please reach out to our official communication channel at [security@interchain.io](mailto:security@interchain.io).\n\nFor more information about CometBFT, please see https://docs.cometbft.com/.\n\nFor more information about the Interchain Foundation\u2019s engagement with Amulet, please see https://github.com/interchainio/security.\n",
"id": "GHSA-hg58-rf2h-6rr7",
"modified": "2024-07-05T21:31:45Z",
"published": "2024-06-28T14:33:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-hg58-rf2h-6rr7"
},
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/commit/07866e11139127e415bd0339ac377b6e6a845533"
},
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/commit/8ba2e4f52d5e626e019501ba6420cc86d5de7857"
},
{
"type": "PACKAGE",
"url": "https://github.com/cometbft/cometbft"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "CometBFT is unstability during blocksync when syncing from malicious peer"
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.