Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1990 vulnerabilities reference this CWE, most recent first.

GHSA-HRWV-7VP5-R8PF

Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23
VLAI
Details

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3437"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-16T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.",
  "id": "GHSA-hrwv-7vp5-r8pf",
  "modified": "2022-05-24T17:23:48Z",
  "published": "2022-05-24T17:23:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3437"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanwebid-5QWMcCvt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HV99-MXM5-Q397

Vulnerability from github – Published: 2026-04-16 20:43 – Updated: 2026-04-16 20:43
VLAI
Summary
Weblate: Arbitrary File Read via Symlink
Details

Impact

The ZIP download feature didn't verify downloaded file and it could follow symlinks outside the repository.

Patches

  • https://github.com/WeblateOrg/weblate/pull/18683

References

Thanks to @DavidCarliez for reporting this vulnerability via GitHub.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "weblate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-22",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T20:43:11Z",
    "nvd_published_at": "2026-04-15T19:16:35Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe ZIP download feature didn\u0027t verify downloaded file and it could follow symlinks outside the repository.\n\n### Patches\n\n* https://github.com/WeblateOrg/weblate/pull/18683\n\n### References\n\nThanks to @DavidCarliez for reporting this vulnerability via GitHub.",
  "id": "GHSA-hv99-mxm5-q397",
  "modified": "2026-04-16T20:43:11Z",
  "published": "2026-04-16T20:43:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34242"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WeblateOrg/weblate"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Weblate: Arbitrary File Read via Symlink"
}

GHSA-HVH5-4JWJ-5RCF

Vulnerability from github – Published: 2022-04-10 00:00 – Updated: 2022-04-15 00:00
VLAI
Details

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27883"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-09T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.",
  "id": "GHSA-hvh5-4jwj-5rcf",
  "modified": "2022-04-15T00:00:54Z",
  "published": "2022-04-10T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27883"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10978"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-546"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVPC-22M7-JG3M

Vulnerability from github – Published: 2022-05-02 06:12 – Updated: 2022-05-02 06:12
VLAI
Details

Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-0439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-26T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.",
  "id": "GHSA-hvpc-22m7-jg3m",
  "modified": "2022-05-02T06:12:43Z",
  "published": "2022-05-02T06:12:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0439"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/510306/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HVR9-WR9P-GRGR

Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2024-09-24 20:47
VLAI
Summary
Mercurial missing symlink check
Details

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mercurial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-1000115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-01T17:00:31Z",
    "nvd_published_at": "2017-10-05T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository",
  "id": "GHSA-hvr9-wr9p-grgr",
  "modified": "2024-09-24T20:47:20Z",
  "published": "2022-05-14T01:04:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000115"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2489"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-18"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290"
    },
    {
      "type": "WEB",
      "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3963"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Mercurial missing symlink check"
}

GHSA-HW2R-7JP6-9R7M

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2023-02-02 21:34
VLAI
Details

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-3147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-14T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.",
  "id": "GHSA-hw2r-7jp6-9r7m",
  "modified": "2023-02-02T21:34:00Z",
  "published": "2022-05-24T17:06:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3147"
    },
    {
      "type": "WEB",
      "url": "https://github.com/abrt/abrt/pull/955"
    },
    {
      "type": "WEB",
      "url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1083"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1210"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2015-3147"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWC8-4222-XW22

Vulnerability from github – Published: 2022-05-02 03:26 – Updated: 2022-05-02 03:26
VLAI
Details

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-05T20:30:00Z",
    "severity": "MODERATE"
  },
  "details": "JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.",
  "id": "GHSA-hwc8-4222-xw22",
  "modified": "2022-05-02T03:26:05Z",
  "published": "2022-05-02T03:26:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1526"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/54014"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34861"
    },
    {
      "type": "WEB",
      "url": "http://www.directadmin.com/features.php?id=968"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HWHH-H7C7-WQ3J

Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18
VLAI
Details

maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-04T00:57:00Z",
    "severity": "LOW"
  },
  "details": "maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.",
  "id": "GHSA-hwhh-h7c7-wq3j",
  "modified": "2022-05-17T02:18:33Z",
  "published": "2022-05-17T02:18:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4908"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44841"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496358"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32487"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30893"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HWMR-M7QH-WXR9

Vulnerability from github – Published: 2024-12-14 00:31 – Updated: 2024-12-14 00:31
VLAI
Details

Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-13T23:15:05Z",
    "severity": "HIGH"
  },
  "details": "Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. \n\nThe specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.",
  "id": "GHSA-hwmr-m7qh-wxr9",
  "modified": "2024-12-14T00:31:12Z",
  "published": "2024-12-14T00:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12552"
    },
    {
      "type": "WEB",
      "url": "https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.8-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1683"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX59-P22R-49RV

Vulnerability from github – Published: 2024-12-15 06:32 – Updated: 2024-12-16 18:31
VLAI
Details

gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-15T04:15:05Z",
    "severity": "MODERATE"
  },
  "details": "gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.",
  "id": "GHSA-hx59-p22r-49rv",
  "modified": "2024-12-16T18:31:08Z",
  "published": "2024-12-15T06:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56074"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cyclotruc/gitingest/pull/23"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cyclotruc/gitingest/commit/9996a06a94450497c1abb35997f5e6cbc9b571ff"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L22-L30"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L99-L100"
    },
    {
      "type": "WEB",
      "url": "https://gitingest.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.