CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-W5QC-2WH9-55PC
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:48The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.
{
"affected": [],
"aliases": [
"CVE-2017-15269"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-15T16:29:00Z",
"severity": "MODERATE"
},
"details": "The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using \"nmap -b\" and allow performing scans via the FTP server.",
"id": "GHSA-w5qc-2wh9-55pc",
"modified": "2025-04-20T03:48:29Z",
"published": "2022-05-13T01:43:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15269"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/541518/100/0/threaded"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W5QF-XF3C-9442
Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-25 00:00An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-28710"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-22T19:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.",
"id": "GHSA-w5qf-xf3c-9442",
"modified": "2022-08-25T00:00:29Z",
"published": "2022-08-23T00:00:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28710"
},
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1550"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W5XH-4J2V-6XMJ
Vulnerability from github – Published: 2023-08-09 09:30 – Updated: 2024-04-04 06:43In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.
{
"affected": [],
"aliases": [
"CVE-2023-37855"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-09T07:15:10Z",
"severity": "MODERATE"
},
"details": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.\n",
"id": "GHSA-w5xh-4j2v-6xmj",
"modified": "2024-04-04T06:43:26Z",
"published": "2023-08-09T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37855"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2023-018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WC64-C5RV-32PF
Vulnerability from github – Published: 2023-05-11 20:47 – Updated: 2023-05-11 20:47Impact
The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification [1]. Among the files read is .in_totorc which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an .in_totorc file that includes the necessary exclude patterns and settings.
RC files are widely used in other systems [2] and security issues have been discovered in their implementations as well [3]. We found in our conversations with in-toto adopters that in_totorc is not their preferred way to configure in-toto. As none of the options supported in in_totorc is unique, and can be set elsewhere using API parameters or CLI arguments, we decided to drop support for in_totorc.
Other Recommendations
Sandbox functionary code as recommended in https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x.
References
[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html [2] https://spec.editorconfig.org/ [3] https://github.blog/2022-04-12-git-security-vulnerability-announced/
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.4.0"
},
"package": {
"ecosystem": "PyPI",
"name": "in-toto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-32076"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-610"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-11T20:47:56Z",
"nvd_published_at": "2023-05-10T18:15:10Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification [1]. Among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings.\n\nRC files are widely used in other systems [2] and security issues have been discovered in their implementations as well [3]. We found in our conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, we decided to drop support for `in_totorc`.\n\n### Other Recommendations\n\nSandbox functionary code as recommended in https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x.\n\n### References\n\n[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html\n[2] https://spec.editorconfig.org/\n[3] https://github.blog/2022-04-12-git-security-vulnerability-announced/\n",
"id": "GHSA-wc64-c5rv-32pf",
"modified": "2023-05-11T20:47:56Z",
"published": "2023-05-11T20:47:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x"
},
{
"type": "WEB",
"url": "https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32076"
},
{
"type": "WEB",
"url": "https://github.com/in-toto/in-toto/commit/3a21d84f40811b7d191fa7bd17265c1f99599afd"
},
{
"type": "PACKAGE",
"url": "https://github.com/in-toto/in-toto"
},
{
"type": "WEB",
"url": "https://github.com/in-toto/in-toto/releases/tag/v2.0.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/in-toto/PYSEC-2023-63.yaml"
},
{
"type": "WEB",
"url": "https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "in-toto vulnerable to Configuration Read From Local Directory"
}
GHSA-WGFW-CPJM-64V6
Vulnerability from github – Published: 2024-01-10 18:30 – Updated: 2025-11-04 21:31An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURL_image parameter.
{
"affected": [],
"aliases": [
"CVE-2023-49864"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-10T16:15:49Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_image` parameter.",
"id": "GHSA-wgfw-cpjm-64v6",
"modified": "2025-11-04T21:31:02Z",
"published": "2024-01-10T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49864"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHHH-XG23-HXCW
Vulnerability from github – Published: 2023-10-27 21:30 – Updated: 2023-11-08 03:30In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-40139"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-27T21:15:09Z",
"severity": "MODERATE"
},
"details": "In FillUi of FillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-whhh-xg23-hxcw",
"modified": "2023-11-08T03:30:31Z",
"published": "2023-10-27T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40139"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-10-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WMCV-PJ3G-38RP
Vulnerability from github – Published: 2025-02-12 21:31 – Updated: 2025-10-22 00:33An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue does not affect Cloud NGFW or Prisma Access software.
{
"affected": [],
"aliases": [
"CVE-2025-0111"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T21:15:16Z",
"severity": "HIGH"
},
"details": "An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue does not affect Cloud NGFW or Prisma Access software.",
"id": "GHSA-wmcv-pj3g-38rp",
"modified": "2025-10-22T00:33:12Z",
"published": "2025-02-12T21:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0111"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-0111"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-WMRR-G68F-2FHJ
Vulnerability from github – Published: 2022-07-14 00:00 – Updated: 2022-07-27 00:00In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534
{
"affected": [],
"aliases": [
"CVE-2022-20223"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-13T19:15:00Z",
"severity": "HIGH"
},
"details": "In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534",
"id": "GHSA-wmrr-g68f-2fhj",
"modified": "2022-07-27T00:00:48Z",
"published": "2022-07-14T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20223"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-07-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WMW7-JPM9-RMFF
Vulnerability from github – Published: 2026-04-08 21:33 – Updated: 2026-05-07 18:30An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
{
"affected": [],
"aliases": [
"CVE-2026-30817"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T19:25:20Z",
"severity": "MODERATE"
},
"details": "An external configuration control vulnerability in the OpenVPN module\u00a0of TP-Link AX53 v1.0\u00a0allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.",
"id": "GHSA-wmw7-jpm9-rmff",
"modified": "2026-05-07T18:30:33Z",
"published": "2026-04-08T21:33:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30817"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2305"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/faq/5055"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WVJ2-GC45-C4J5
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427
{
"affected": [],
"aliases": [
"CVE-2021-39765"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427",
"id": "GHSA-wvj2-gc45-c4j5",
"modified": "2022-04-06T00:01:52Z",
"published": "2022-03-31T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39765"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-12l"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.