Common Weakness Enumeration

CWE-26

Allowed

Path Traversal: '/dir/../filename'

Abstraction: Variant · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.

25 vulnerabilities reference this CWE, most recent first.

CVE-2021-42021 (GCVE-0-2021-42021)

Vulnerability from cvelistv5 – Published: 2021-11-09 11:32 – Updated: 2024-08-04 03:22
VLAI
Summary
A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.
Severity
No CVSS data available.
CWE
  • CWE-26 - Path Traversal: '/dir/../filename'
Assigner
References
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Siveillance Video DLNA Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "2019 R1"
            }
          ]
        },
        {
          "product": "Siveillance Video DLNA Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "2019 R2"
            }
          ]
        },
        {
          "product": "Siveillance Video DLNA Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "2019 R3"
            }
          ]
        },
        {
          "product": "Siveillance Video DLNA Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "2020 R1"
            }
          ]
        },
        {
          "product": "Siveillance Video DLNA Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "2020 R2"
            }
          ]
        },
        {
          "product": "Siveillance Video DLNA Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "2020 R3"
            }
          ]
        },
        {
          "product": "Siveillance Video DLNA Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "2021 R1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application\u2019s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-26",
              "description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-09T11:32:15.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-42021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Siveillance Video DLNA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 R1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Video DLNA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 R2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Video DLNA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 R3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Video DLNA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2020 R1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Video DLNA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2020 R2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Video DLNA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2020 R3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Video DLNA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2021 R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application\u2019s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-42021",
    "datePublished": "2021-11-09T11:32:15.000Z",
    "dateReserved": "2021-10-06T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:22:25.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34762 (GCVE-0-2021-34762)

Vulnerability from cvelistv5 – Published: 2021-10-27 18:55 – Updated: 2024-11-07 21:44
VLAI
Title
Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2021-10-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:48.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20211027 Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dir-traversal-95UyW5tk"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34762",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:42:46.118918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:44:23.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Management Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-26",
              "description": "CWE-26",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T18:55:36.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20211027 Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dir-traversal-95UyW5tk"
        }
      ],
      "source": {
        "advisory": "cisco-sa-fmc-dir-traversal-95UyW5tk",
        "defect": [
          [
            "CSCvy41771"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-10-27T16:00:00",
          "ID": "CVE-2021-34762",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower Management Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-26"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20211027 Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dir-traversal-95UyW5tk"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-fmc-dir-traversal-95UyW5tk",
          "defect": [
            [
              "CSCvy41771"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-34762",
    "datePublished": "2021-10-27T18:55:36.199Z",
    "dateReserved": "2021-06-15T00:00:00.000Z",
    "dateUpdated": "2024-11-07T21:44:23.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-52JG-M3RM-CH68

Vulnerability from github – Published: 2024-03-06 18:30 – Updated: 2024-03-06 18:30
VLAI
Details

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-26"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-06T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. \n\n This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.",
  "id": "GHSA-52jg-m3rm-ch68",
  "modified": "2024-03-06T18:30:38Z",
  "published": "2024-03-06T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20345"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67QG-7284-2277

Vulnerability from github – Published: 2026-05-05 20:05 – Updated: 2026-05-13 16:31
VLAI
Summary
django-s3file is vulnerable to relative path traversal
Details

Impact

S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES

Depending on how files are handled, this may lead to confidentiality and integrity issues.

Patches

Django-S3File urges all users to update to a patched version >=7.0.2.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 7.0.1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "django-s3file"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23",
      "CWE-26"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T20:05:49Z",
    "nvd_published_at": "2026-05-12T22:16:34Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n`S3FileMiddleware` is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into `request.FILES`\n\nDepending on how files are handled, this may lead to confidentiality and integrity issues.\n\n### Patches\nDjango-S3File urges all users to update to a patched version \u003e=7.0.2.",
  "id": "GHSA-67qg-7284-2277",
  "modified": "2026-05-13T16:31:46Z",
  "published": "2026-05-05T20:05:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/codingjoe/django-s3file/security/advisories/GHSA-67qg-7284-2277"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42196"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/codingjoe/django-s3file"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "django-s3file is vulnerable to relative path traversal"
}

GHSA-6PWF-HHH9-VP2C

Vulnerability from github – Published: 2024-04-27 00:30 – Updated: 2024-08-01 15:31
VLAI
Details

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-26"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-26T22:15:08Z",
    "severity": "HIGH"
  },
  "details": "Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.",
  "id": "GHSA-6pwf-hhh9-vp2c",
  "modified": "2024-08-01T15:31:42Z",
  "published": "2024-04-27T00:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31551"
    },
    {
      "type": "WEB",
      "url": "https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-78FH-92P7-Q975

Vulnerability from github – Published: 2024-04-30 21:30 – Updated: 2025-03-20 21:31
VLAI
Details

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-26"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-30T21:15:45Z",
    "severity": "HIGH"
  },
  "details": "Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.",
  "id": "GHSA-78fh-92p7-q975",
  "modified": "2025-03-20T21:31:40Z",
  "published": "2024-04-30T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29466"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Xiqinger/b3cb51f390d408c3c66c66e645ba5ac0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FVCQ-F7QR-C3PM

Vulnerability from github – Published: 2025-08-22 21:31 – Updated: 2025-08-26 00:31
VLAI
Details

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-26"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T21:15:30Z",
    "severity": "MODERATE"
  },
  "details": "Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.",
  "id": "GHSA-fvcq-f7qr-c3pm",
  "modified": "2025-08-26T00:31:09Z",
  "published": "2025-08-22T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45133"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/mahara/+bug/1995819"
    },
    {
      "type": "WEB",
      "url": "https://mahara.org/interaction/forum/topic.php?id=9353"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H8RQ-7GM9-52RM

Vulnerability from github – Published: 2024-07-02 21:32 – Updated: 2024-07-02 21:32
VLAI
Details

Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-26"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-02T16:15:05Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.",
  "id": "GHSA-h8rq-7gm9-52rm",
  "modified": "2024-07-02T21:32:15Z",
  "published": "2024-07-02T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5865"
    },
    {
      "type": "WEB",
      "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H97Q-2RXR-WFVP

Vulnerability from github – Published: 2024-07-25 12:32 – Updated: 2024-07-25 12:32
VLAI
Details

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-26",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-25T12:15:03Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-h97q-2rxr-wfvp",
  "modified": "2024-07-25T12:32:02Z",
  "published": "2024-07-25T12:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39673"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JCPM-3FP5-4MQR

Vulnerability from github – Published: 2024-07-02 21:32 – Updated: 2024-07-02 21:32
VLAI
Details

Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-26"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-02T16:15:05Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.",
  "id": "GHSA-jcpm-3fp5-4mqr",
  "modified": "2024-07-02T21:32:15Z",
  "published": "2024-07-02T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5866"
    },
    {
      "type": "WEB",
      "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.