CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1992 vulnerabilities reference this CWE, most recent first.
GHSA-GPH2-PH9G-MQFQ
Vulnerability from github – Published: 2022-05-01 07:32 – Updated: 2022-05-01 07:32openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
{
"affected": [],
"aliases": [
"CVE-2006-5851"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-11-10T02:07:00Z",
"severity": "LOW"
},
"details": "openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.",
"id": "GHSA-gph2-ph9g-mqfq",
"modified": "2022-05-01T07:32:23Z",
"published": "2022-05-01T07:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5851"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/2737"
},
{
"type": "WEB",
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22742"
},
{
"type": "WEB",
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/4404"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GPV2-XXVX-F68G
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2025-04-12 12:34libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
{
"affected": [],
"aliases": [
"CVE-2014-3977"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-06-08T23:55:00Z",
"severity": "MODERATE"
},
"details": "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.",
"id": "GHSA-gpv2-xxvx-f68g",
"modified": "2025-04-12T12:34:34Z",
"published": "2022-05-13T01:06:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3977"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595"
},
{
"type": "WEB",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977"
},
{
"type": "WEB",
"url": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/33725"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60299"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60303"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60311"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60312"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60313"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60314"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030401"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GQ3G-4FMC-4F5J
Vulnerability from github – Published: 2022-05-02 03:28 – Updated: 2022-05-02 03:28Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."
{
"affected": [],
"aliases": [
"CVE-2009-1753"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-05-22T11:53:00Z",
"severity": "LOW"
},
"details": "Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified \"result file.\"",
"id": "GHSA-gq3g-4fmc-4f5j",
"modified": "2022-05-02T03:28:14Z",
"published": "2022-05-02T03:28:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1753"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00731.html"
},
{
"type": "WEB",
"url": "http://packages.debian.org/changelogs/pool/main/c/coccinelle/coccinelle_0.1.7.deb-3/changelog"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35012"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35459"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/05/06/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/34848"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GQ9C-43PH-F77C
Vulnerability from github – Published: 2022-05-02 03:52 – Updated: 2022-05-02 03:52Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.
{
"affected": [],
"aliases": [
"CVE-2009-4193"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-12-03T19:30:00Z",
"severity": "LOW"
},
"details": "Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.",
"id": "GHSA-gq9c-43ph-f77c",
"modified": "2022-05-02T03:52:40Z",
"published": "2022-05-02T03:52:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4193"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53486"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00869.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00870.html"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548546"
},
{
"type": "WEB",
"url": "http://osvdb.org/58389"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36897"
},
{
"type": "WEB",
"url": "http://trac.openstreetmap.org/ticket/2320"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/36529"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GQ9W-WR34-CG54
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423.
{
"affected": [],
"aliases": [
"CVE-2020-4966"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-21T14:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423.",
"id": "GHSA-gq9w-wr34-cg54",
"modified": "2022-05-24T17:40:02Z",
"published": "2022-05-24T17:40:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4966"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192423"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6403233"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GQQQ-9PQW-6V5R
Vulnerability from github – Published: 2022-04-21 01:57 – Updated: 2024-02-28 01:09The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.
{
"affected": [],
"aliases": [
"CVE-2010-0398"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-30T22:15:00Z",
"severity": "MODERATE"
},
"details": "The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.",
"id": "GHSA-gqqq-9pqw-6v5r",
"modified": "2024-02-28T01:09:58Z",
"published": "2022-04-21T01:57:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0398"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/autokey/+bug/538471"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0398"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GQQR-58QX-V9QR
Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau..##### or (2) /tmp/makefile.tau.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.
{
"affected": [],
"aliases": [
"CVE-2008-5157"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-18T16:00:00Z",
"severity": "MODERATE"
},
"details": "tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.",
"id": "GHSA-gqqr-58qx-v9qr",
"modified": "2022-05-17T02:18:02Z",
"published": "2022-05-17T02:18:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5157"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46704"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506348"
},
{
"type": "WEB",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32821"
},
{
"type": "WEB",
"url": "http://uvw.ru/report.sid.txt"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32404"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GQVF-8G7J-7GH5
Vulnerability from github – Published: 2024-02-21 09:31 – Updated: 2025-11-04 21:31This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.
{
"affected": [],
"aliases": [
"CVE-2023-42942"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-21T07:15:50Z",
"severity": "HIGH"
},
"details": "This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.",
"id": "GHSA-gqvf-8g7j-7gh5",
"modified": "2025-11-04T21:31:11Z",
"published": "2024-02-21T09:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42942"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213985"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213987"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213988"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213984"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213988"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR75-JV2W-4656
Vulnerability from github – Published: 2026-06-16 15:03 – Updated: 2026-07-08 17:36Summary
Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or the resolved target of matched files, so glob patterns and symlinks can reach files outside the configured root; prompt- and chain/agent-configuration loaders that accept path fields and resolve them without confining the result to a trusted base or rejecting symlink targets; and path-prefix authorization checks that compare by string prefix without a path-segment boundary, so a sibling path sharing the prefix is accepted. When these components receive path values, search patterns, or workspace contents influenced by an untrusted source — including an LLM acting on untrusted input — the result can be disclosure of files outside the intended boundary. We have no evidence of this behavior being triggered in the wild.
Affected users / systems
You may be affected if you expose an agent with filesystem-search middleware over a directory and accept prompts or retrieved content influenced by untrusted sources; load prompt or chain/agent configuration from untrusted or shared sources; or rely on path-prefix restrictions to confine tool file access. Callers that confine these components to fully trusted inputs and first-party configuration are not affected.
Impact
- Confidentiality: disclosure of file contents outside the intended root/sandbox.
- Authorization: path-prefix bypass can grant access to sibling resources beyond the intended subtree.
Patches / mitigation
The affected components will canonicalize candidate paths (resolving symlinks) and verify the resolved real path remains within the configured root before reading or returning it; search patterns will be normalized so they cannot escape the root; configuration loaders will confine resolved path fields and reject symlink escapes unless the caller explicitly opts in to dangerous loading; and path-prefix checks will enforce a path-segment boundary. Path validation will be made operating-system-portable.
Compatibility
Callers that already pass only in-root paths, validated configuration, and trusted search inputs see no behavioral change. Callers that intentionally reference external paths can opt in via the existing dangerous-loading flag.
Operational guidance
Confine filesystem-backed agent tools to a dedicated directory and prefer running them sandboxed/containerized; validate path and identifier inputs where untrusted input enters; do not enable dangerous loading for configuration whose origin you do not control.
LangSmith / hosted deployments note
This issue concerns library components executed by agents.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.3.8"
},
"package": {
"ecosystem": "PyPI",
"name": "langchain"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.4.5"
},
"package": {
"ecosystem": "PyPI",
"name": "langchain-anthropic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-55443"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-16T15:03:14Z",
"nvd_published_at": "2026-06-22T19:17:21Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nSeveral LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the *resolved* path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or the resolved target of matched files, so glob patterns and symlinks can reach files outside the configured root; prompt- and chain/agent-configuration loaders that accept path fields and resolve them without confining the result to a trusted base or rejecting symlink targets; and path-prefix authorization checks that compare by string prefix without a path-segment boundary, so a sibling path sharing the prefix is accepted. When these components receive path values, search patterns, or workspace contents influenced by an untrusted source \u2014 including an LLM acting on untrusted input \u2014 the result can be disclosure of files outside the intended boundary. We have no evidence of this behavior being triggered in the wild.\n\n## Affected users / systems\n\nYou may be affected if you expose an agent with filesystem-search middleware over a directory and accept prompts or retrieved content influenced by untrusted sources; load prompt or chain/agent configuration from untrusted or shared sources; or rely on path-prefix restrictions to confine tool file access. Callers that confine these components to fully trusted inputs and first-party configuration are not affected.\n\n## Impact\n\n- Confidentiality: disclosure of file contents outside the intended root/sandbox.\n- Authorization: path-prefix bypass can grant access to sibling resources beyond the intended subtree.\n\n## Patches / mitigation\n\nThe affected components will canonicalize candidate paths (resolving symlinks) and verify the resolved real path remains within the configured root before reading or returning it; search patterns will be normalized so they cannot escape the root; configuration loaders will confine resolved path fields and reject symlink escapes unless the caller explicitly opts in to dangerous loading; and path-prefix checks will enforce a path-segment boundary. Path validation will be made operating-system-portable.\n\n## Compatibility\n\nCallers that already pass only in-root paths, validated configuration, and trusted search inputs see no behavioral change. Callers that intentionally reference external paths can opt in via the existing dangerous-loading flag.\n\n## Operational guidance\n\nConfine filesystem-backed agent tools to a dedicated directory and prefer running them sandboxed/containerized; validate path and identifier inputs where untrusted input enters; do not enable dangerous loading for configuration whose origin you do not control.\n\n## LangSmith / hosted deployments note\n\nThis issue concerns library components executed by agents.",
"id": "GHSA-gr75-jv2w-4656",
"modified": "2026-07-08T17:36:59Z",
"published": "2026-06-16T15:03:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-gr75-jv2w-4656"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55443"
},
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchain/commit/dcaf7795a3e6590af55c3ff7bda6add6355e9ea6"
},
{
"type": "PACKAGE",
"url": "https://github.com/langchain-ai/langchain"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders"
}
GHSA-GRP6-P35V-PGFX
Vulnerability from github – Published: 2022-03-26 00:00 – Updated: 2022-04-05 00:01Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.
{
"affected": [],
"aliases": [
"CVE-2022-26659"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-25T21:15:00Z",
"severity": "HIGH"
},
"details": "Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.",
"id": "GHSA-grp6-p35v-pgfx",
"modified": "2022-04-05T00:01:00Z",
"published": "2022-03-26T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26659"
},
{
"type": "WEB",
"url": "https://docs.docker.com/desktop/windows/release-notes"
},
{
"type": "WEB",
"url": "https://docs.docker.com/docker-for-windows/release-notes"
},
{
"type": "WEB",
"url": "https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md"
},
{
"type": "WEB",
"url": "https://github.com/hmsec/Advisories/blob/master/CVE-2022-26659.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.