Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-W5QC-2WH9-55PC

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:48
VLAI
Details

The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-15T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using \"nmap -b\" and allow performing scans via the FTP server.",
  "id": "GHSA-w5qc-2wh9-55pc",
  "modified": "2025-04-20T03:48:29Z",
  "published": "2022-05-13T01:43:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15269"
    },
    {
      "type": "WEB",
      "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/541518/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5QF-XF3C-9442

Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-25 00:00
VLAI
Details

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-22T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.",
  "id": "GHSA-w5qf-xf3c-9442",
  "modified": "2022-08-25T00:00:29Z",
  "published": "2022-08-23T00:00:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28710"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1550"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5XH-4J2V-6XMJ

Vulnerability from github – Published: 2023-08-09 09:30 – Updated: 2024-04-04 06:43
VLAI
Details

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-09T07:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.\n",
  "id": "GHSA-w5xh-4j2v-6xmj",
  "modified": "2024-04-04T06:43:26Z",
  "published": "2023-08-09T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37855"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2023-018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WC64-C5RV-32PF

Vulnerability from github – Published: 2023-05-11 20:47 – Updated: 2023-05-11 20:47
VLAI
Summary
in-toto vulnerable to Configuration Read From Local Directory
Details

Impact

The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification [1]. Among the files read is .in_totorc which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an .in_totorc file that includes the necessary exclude patterns and settings.

RC files are widely used in other systems [2] and security issues have been discovered in their implementations as well [3]. We found in our conversations with in-toto adopters that in_totorc is not their preferred way to configure in-toto. As none of the options supported in in_totorc is unique, and can be set elsewhere using API parameters or CLI arguments, we decided to drop support for in_totorc.

Other Recommendations

Sandbox functionary code as recommended in https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x.

References

[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html [2] https://spec.editorconfig.org/ [3] https://github.blog/2022-04-12-git-security-vulnerability-announced/

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.4.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "in-toto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-32076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-11T20:47:56Z",
    "nvd_published_at": "2023-05-10T18:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification [1]. Among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings.\n\nRC files are widely used in other systems [2] and security issues have been discovered in their implementations as well [3]. We found in our conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, we decided to drop support for `in_totorc`.\n\n### Other Recommendations\n\nSandbox functionary code as recommended in https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x.\n\n### References\n\n[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html\n[2] https://spec.editorconfig.org/\n[3] https://github.blog/2022-04-12-git-security-vulnerability-announced/\n",
  "id": "GHSA-wc64-c5rv-32pf",
  "modified": "2023-05-11T20:47:56Z",
  "published": "2023-05-11T20:47:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x"
    },
    {
      "type": "WEB",
      "url": "https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32076"
    },
    {
      "type": "WEB",
      "url": "https://github.com/in-toto/in-toto/commit/3a21d84f40811b7d191fa7bd17265c1f99599afd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/in-toto/in-toto"
    },
    {
      "type": "WEB",
      "url": "https://github.com/in-toto/in-toto/releases/tag/v2.0.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/in-toto/PYSEC-2023-63.yaml"
    },
    {
      "type": "WEB",
      "url": "https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "in-toto vulnerable to Configuration Read From Local Directory"
}

GHSA-WGFW-CPJM-64V6

Vulnerability from github – Published: 2024-01-10 18:30 – Updated: 2025-11-04 21:31
VLAI
Details

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURL_image parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-10T16:15:49Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_image` parameter.",
  "id": "GHSA-wgfw-cpjm-64v6",
  "modified": "2025-11-04T21:31:02Z",
  "published": "2024-01-10T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49864"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHHH-XG23-HXCW

Vulnerability from github – Published: 2023-10-27 21:30 – Updated: 2023-11-08 03:30
VLAI
Details

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-27T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In FillUi of FillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-whhh-xg23-hxcw",
  "modified": "2023-11-08T03:30:31Z",
  "published": "2023-10-27T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40139"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-10-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMCV-PJ3G-38RP

Vulnerability from github – Published: 2025-02-12 21:31 – Updated: 2025-10-22 00:33
VLAI
Details

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue does not affect Cloud NGFW or Prisma Access software.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0111"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T21:15:16Z",
    "severity": "HIGH"
  },
  "details": "An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue does not affect Cloud NGFW or Prisma Access software.",
  "id": "GHSA-wmcv-pj3g-38rp",
  "modified": "2025-10-22T00:33:12Z",
  "published": "2025-02-12T21:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0111"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0111"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WMRR-G68F-2FHJ

Vulnerability from github – Published: 2022-07-14 00:00 – Updated: 2022-07-27 00:00
VLAI
Details

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534",
  "id": "GHSA-wmrr-g68f-2fhj",
  "modified": "2022-07-27T00:00:48Z",
  "published": "2022-07-14T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20223"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-07-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMW7-JPM9-RMFF

Vulnerability from github – Published: 2026-04-08 21:33 – Updated: 2026-05-07 18:30
VLAI
Details

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T19:25:20Z",
    "severity": "MODERATE"
  },
  "details": "An external configuration control vulnerability in the OpenVPN module\u00a0of TP-Link AX53 v1.0\u00a0allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed.  Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.",
  "id": "GHSA-wmw7-jpm9-rmff",
  "modified": "2026-05-07T18:30:33Z",
  "published": "2026-04-08T21:33:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30817"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2305"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/faq/5055"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WVJ2-GC45-C4J5

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01
VLAI
Details

In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427",
  "id": "GHSA-wvj2-gc45-c4j5",
  "modified": "2022-04-06T00:01:52Z",
  "published": "2022-03-31T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39765"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-12l"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.