Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-GHCJ-8X3X-3W77

Vulnerability from github – Published: 2022-12-20 18:30 – Updated: 2022-12-20 18:30
VLAI
Details

In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025",
  "id": "GHSA-ghcj-8x3x-3w77",
  "modified": "2022-12-20T18:30:18Z",
  "published": "2022-12-20T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20199"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHWH-V2P7-36X4

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-02-18 00:00
VLAI
Details

In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-11T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603",
  "id": "GHSA-ghwh-v2p7-36x4",
  "modified": "2022-02-18T00:00:42Z",
  "published": "2022-02-12T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39668"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-02-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GPPC-GCQ3-8W5M

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-05-24 16:57
VLAI
Details

In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77821568

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-27T19:15:00Z",
    "severity": "LOW"
  },
  "details": "In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77821568",
  "id": "GHSA-gppc-gcq3-8w5m",
  "modified": "2022-05-24T16:57:27Z",
  "published": "2022-05-24T16:57:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9438"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQRQ-J6PM-98C2

Vulnerability from github – Published: 2023-12-14 15:30 – Updated: 2026-04-15 16:08
VLAI
Summary
External Control of File Name or Path in h2oai/h2o-3
Details

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting as CSV.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "h2o"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.46.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-6569"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-15T03:12:43Z",
    "nvd_published_at": "2023-12-14T13:15:55Z",
    "severity": "CRITICAL"
  },
  "details": "Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with \"C1\", if they\u0027re exporting as CSV.",
  "id": "GHSA-gqrq-j6pm-98c2",
  "modified": "2026-04-15T16:08:45Z",
  "published": "2023-12-14T15:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6569"
    },
    {
      "type": "WEB",
      "url": "https://github.com/h2oai/h2o-3/commit/e8884f5187eb81311877c5f0dd4d6d9c70f33d78"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/h2oai/h2o-3"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/a5d003dc-c23e-4c98-8dcf-35ba9252fa3c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "External Control of File Name or Path in h2oai/h2o-3"
}

GHSA-GV4W-CVG2-4G88

Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-28 18:30
VLAI
Details

In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121",
  "id": "GHSA-gv4w-cvg2-4g88",
  "modified": "2023-03-28T18:30:28Z",
  "published": "2023-03-24T21:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20964"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GW5F-7FQH-PVM6

Vulnerability from github – Published: 2026-02-16 06:31 – Updated: 2026-02-16 06:31
VLAI
Details

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-16T06:16:22Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-gw5f-7fqh-pvm6",
  "modified": "2026-02-16T06:31:29Z",
  "published": "2026-02-16T06:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2536"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/opencc/JFlow"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/opencc/JFlow/issues/IDN7GT"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.346124"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.346124"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.748807"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.748808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H4PP-X3CC-F8MV

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30
VLAI
Details

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-17T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in syngo Dynamics (All versions \u003c VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website\u2019s application pool.",
  "id": "GHSA-h4pp-x3cc-f8mv",
  "modified": "2024-04-04T05:30:19Z",
  "published": "2023-07-06T19:24:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42732"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H672-VWJQ-P787

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-22T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673",
  "id": "GHSA-h672-vwjq-p787",
  "modified": "2022-05-24T19:05:53Z",
  "published": "2022-05-24T19:05:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0550"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HCQG-8F35-JW4G

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47643"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:36Z",
    "severity": "CRITICAL"
  },
  "details": "External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.",
  "id": "GHSA-hcqg-8f35-jw4g",
  "modified": "2026-06-09T18:30:55Z",
  "published": "2026-06-09T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47643"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47643"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HG58-RF2H-6RR7

Vulnerability from github – Published: 2024-06-28 14:33 – Updated: 2024-07-05 21:31
VLAI
Summary
CometBFT is unstability during blocksync when syncing from malicious peer
Details

Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7

Summary

An issue was identified for nodes syncing on an existing network during blocksync in which a malicious peer could cause the syncing peer to panic, enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. It is recommended for all clients to adopt this patch so that blocksync functions as expected and is tolerant of malicious peers presenting invalid data in this situation. Nodes that are vulnerable to this state may experience a Denial of Service condition in which syncing will not work as expected when joining a network as a client.

Recognition

This issue was reported to the Cosmos Bug Bounty Program on HackerOne on 5/01/24 by unknown_feature. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.

If you have questions about Interchain security efforts, please reach out to our official communication channel at security@interchain.io.

For more information about CometBFT, please see https://docs.cometbft.com/.

For more information about the Interchain Foundation’s engagement with Amulet, please see https://github.com/interchainio/security.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cometbft/cometbft"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.37.0"
            },
            {
              "fixed": "0.37.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cometbft/cometbft"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.38.0"
            },
            {
              "fixed": "0.38.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-28T14:33:33Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "**Name**: ASA-2024-008: Instability during blocksync when syncing from malicious peer\n**Component**: CometBFT\n**Criticality**: Medium ([ACMv1](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Moderate; L: Possible)\n**Affected versions**: \u003c v0.38.7 \n\n# Summary\n\nAn issue was identified for nodes syncing on an existing network during blocksync in which a malicious peer could cause the syncing peer to panic, enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. It is recommended for all clients to adopt this patch so that blocksync functions as expected and is tolerant of malicious peers presenting invalid data in this situation. Nodes that are vulnerable to this state may experience a Denial of Service condition in which syncing will not work as expected when joining a network as a client.\n\n# Recognition\n\nThis issue was reported to the Cosmos Bug Bounty Program on HackerOne on 5/01/24 by unknown_feature. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n\nIf you have questions about Interchain security efforts, please reach out to our official communication channel at [security@interchain.io](mailto:security@interchain.io).\n\nFor more information about CometBFT, please see https://docs.cometbft.com/.\n\nFor more information about the Interchain Foundation\u2019s engagement with Amulet, please see https://github.com/interchainio/security.\n",
  "id": "GHSA-hg58-rf2h-6rr7",
  "modified": "2024-07-05T21:31:45Z",
  "published": "2024-06-28T14:33:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-hg58-rf2h-6rr7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cometbft/cometbft/commit/07866e11139127e415bd0339ac377b6e6a845533"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cometbft/cometbft/commit/8ba2e4f52d5e626e019501ba6420cc86d5de7857"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cometbft/cometbft"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "CometBFT is unstability during blocksync when syncing from malicious peer"
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.