CWE-426
Allowed-with-ReviewUntrusted Search Path
Abstraction: Base · Status: Stable
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
894 vulnerabilities reference this CWE, most recent first.
GHSA-F5W3-73H4-JPCM
Vulnerability from github – Published: 2025-02-27 18:31 – Updated: 2025-02-27 20:59mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "mongosh"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-1756"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-27T20:59:00Z",
"nvd_published_at": "2025-02-27T16:15:39Z",
"severity": "HIGH"
},
"details": "mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user\u0027s system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0.",
"id": "GHSA-f5w3-73h4-jpcm",
"modified": "2025-02-27T20:59:00Z",
"published": "2025-02-27T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1756"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:1756"
},
{
"type": "PACKAGE",
"url": "https://github.com/mongodb-js/mongosh"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/MONGOSH-2028"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "mongosh vulnerable to local privilege escalation"
}
GHSA-F5XR-Q66Q-M7V8
Vulnerability from github – Published: 2022-05-14 01:02 – Updated: 2025-04-12 12:55Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2016-0016"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-01-13T05:59:00Z",
"severity": "HIGH"
},
"details": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka \"DLL Loading Remote Code Execution Vulnerability.\"",
"id": "GHSA-f5xr-q66q-m7v8",
"modified": "2025-04-12T12:55:46Z",
"published": "2022-05-14T01:02:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0016"
},
{
"type": "WEB",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=555"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/39233"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034661"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F69P-JVR2-8J5X
Vulnerability from github – Published: 2023-05-22 15:30 – Updated: 2024-04-04 04:16kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.
{
"affected": [],
"aliases": [
"CVE-2023-29790"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-12T01:15:09Z",
"severity": "HIGH"
},
"details": "kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.",
"id": "GHSA-f69p-jvr2-8j5x",
"modified": "2024-04-04T04:16:11Z",
"published": "2023-05-22T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29790"
},
{
"type": "WEB",
"url": "https://blog.mo60.cn/index.php/archives/kodbox.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F6VC-7QMX-FFW4
Vulnerability from github – Published: 2025-06-02 15:31 – Updated: 2025-12-03 21:30Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.
{
"affected": [],
"aliases": [
"CVE-2024-12168"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T13:15:20Z",
"severity": "HIGH"
},
"details": "Yandex Telemost for Desktop before 2.7.0\u00a0has a DLL Hijacking Vulnerability because an untrusted search path is used.",
"id": "GHSA-f6vc-7qmx-ffw4",
"modified": "2025-12-03T21:30:58Z",
"published": "2025-06-02T15:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12168"
},
{
"type": "WEB",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-products"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F72R-2H5J-7639
Vulnerability from github – Published: 2026-01-28 23:00 – Updated: 2026-02-10 19:56File Read Interface Case Bypass Vulnerability
Vulnerability Name
File Read Interface Case Bypass Vulnerability
Overview
The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files.
On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths
and read protected configuration files.
Impact
- Read sensitive information in configuration files (e.g., access codes, API Tokens, sync configurations, etc.).
- Remotely exploitable directly when the service is published without authentication.
Trigger Conditions
- Running on a case-insensitive file system.
- The caller can access
/api/file/getFile(via CheckAuth or Token injection in published services).
PoC (Generic Example)
After enabling publication:
Request:
POST /api/file/getFile
Content-Type: application/json
{"path":"cOnf/conf.json"}
Expected Result: - Successfully return the content of the configuration file.
Root Cause
Path comparison uses strict case-sensitive string matching, without case normalization or identical file validation.
Fix Recommendations
- Normalize path casing before comparison (Windows/macOS).
- Use file-level comparison methods such as
os.SameFile. - Apply blacklist validation on sensitive paths after case normalization.
Notes
- Environment identifiers and sensitive information have been removed.
Solution Commit
399a38893e8719968ea2511e177bb53e09973fa6
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.0-20260126094835-d5d10dd41b0c"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25992"
],
"database_specific": {
"cwe_ids": [
"CWE-178",
"CWE-22",
"CWE-426"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-28T23:00:57Z",
"nvd_published_at": "2026-02-10T18:16:38Z",
"severity": "HIGH"
},
"details": "# File Read Interface Case Bypass Vulnerability\n## Vulnerability Name\nFile Read Interface Case Bypass Vulnerability\n\n## Overview\nThe `/api/file/getFile` endpoint uses **case-sensitive string equality checks** to block access to sensitive files.\nOn case-insensitive file systems such as **Windows**, attackers can bypass restrictions using mixed-case paths\nand read protected configuration files.\n\n## Impact\n- Read sensitive information in configuration files (e.g., access codes, API Tokens, sync configurations, etc.).\n- Remotely exploitable directly when the service is published without authentication.\n\n## Trigger Conditions\n- Running on a **case-insensitive file system**.\n- The caller can access `/api/file/getFile` (via CheckAuth or Token injection in published services).\n\n## PoC (Generic Example)\nAfter enabling publication:\n\n**Request:**\n```http\nPOST /api/file/getFile\nContent-Type: application/json\n\n{\"path\":\"cOnf/conf.json\"}\n```\n\n**Expected Result:**\n- Successfully return the content of the configuration file.\n\n## Root Cause\nPath comparison uses strict case-sensitive string matching, without case normalization or identical file validation.\n\n## Fix Recommendations\n- Normalize path casing before comparison (Windows/macOS).\n- Use file-level comparison methods such as `os.SameFile`.\n- Apply blacklist validation on sensitive paths **after case normalization**.\n\n## Notes\n- Environment identifiers and sensitive information have been removed.\n\n## Solution Commit\n`399a38893e8719968ea2511e177bb53e09973fa6`",
"id": "GHSA-f72r-2h5j-7639",
"modified": "2026-02-10T19:56:53Z",
"published": "2026-01-28T23:00:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f72r-2h5j-7639"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25992"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/commit/1f02650b3892d2ea3896242dd2422c30bda55e11"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.5.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal"
}
GHSA-F79W-JPPJ-65WV
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.
{
"affected": [],
"aliases": [
"CVE-2018-1487"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-10T16:29:00Z",
"severity": "HIGH"
},
"details": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.",
"id": "GHSA-f79w-jppj-65wv",
"modified": "2022-05-13T01:33:12Z",
"published": "2022-05-13T01:33:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1487"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140972"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22016505"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041231"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F7W4-66VV-C7CF
Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2022-05-17 00:35Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.
{
"affected": [],
"aliases": [
"CVE-2015-3887"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-21T16:29:00Z",
"severity": "HIGH"
},
"details": "Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.",
"id": "GHSA-f7w4-66vv-c7cf",
"modified": "2022-05-17T00:35:40Z",
"published": "2022-05-17T00:35:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3887"
},
{
"type": "WEB",
"url": "https://github.com/rofl0r/proxychains-ng/issues/60"
},
{
"type": "WEB",
"url": "https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5#diff-803c5170888b8642f2a97e5e9423d399"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147013"
},
{
"type": "WEB",
"url": "https://github.com/rofl0r/proxychains-ng/blob/v4.9/README#L56"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/11"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74648"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F7XV-MWMJ-X7P9
Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-21325"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T18:15:56Z",
"severity": "HIGH"
},
"details": "Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability",
"id": "GHSA-f7xv-mwmj-x7p9",
"modified": "2024-01-09T18:30:29Z",
"published": "2024-01-09T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21325"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21325"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F85M-3JQ8-C2M2
Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.
{
"affected": [],
"aliases": [
"CVE-2018-0624"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-07T14:29:00Z",
"severity": "HIGH"
},
"details": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.",
"id": "GHSA-f85m-3jq8-c2m2",
"modified": "2022-05-14T02:03:30Z",
"published": "2022-05-14T02:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0624"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN06813756/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F8MP-VJ46-CQ8V
Vulnerability from github – Published: 2026-03-03 19:52 – Updated: 2026-03-25 18:44The shell environment fallback path could invoke an attacker-controlled shell when SHELL was inherited from an untrusted host environment. In affected builds, shell-env loading used $SHELL -l -c 'env -0' without validating that SHELL points to a trusted executable.
In threat-model terms, this requires local environment compromise or untrusted startup environment injection first; it is not a remote pre-auth path. The hardening patch validates SHELL as an absolute normalized executable, prefers /etc/shells, applies trusted-prefix fallback checks, and falls back safely to /bin/sh when validation fails. The dangerous env-var policy now also blocks SHELL overrides.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.2.21-2 - Latest published vulnerable version:
2026.2.21-2 - Patched versions (planned next release):
>= 2026.2.22
Fix Commit(s)
25e89cc86338ef475d26be043aa541dfdb95e52a
Release Process Note
The advisory pre-sets patched_versions to the planned next release (2026.2.22). After that npm release is published, maintainers can publish this advisory without further version-field edits.
OpenClaw thanks @athuljayaram for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32032"
],
"database_specific": {
"cwe_ids": [
"CWE-426",
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T19:52:45Z",
"nvd_published_at": "2026-03-19T22:16:38Z",
"severity": "HIGH"
},
"details": "The shell environment fallback path could invoke an attacker-controlled shell when `SHELL` was inherited from an untrusted host environment. In affected builds, shell-env loading used `$SHELL -l -c \u0027env -0\u0027` without validating that `SHELL` points to a trusted executable.\n\nIn threat-model terms, this requires local environment compromise or untrusted startup environment injection first; it is not a remote pre-auth path. The hardening patch validates `SHELL` as an absolute normalized executable, prefers `/etc/shells`, applies trusted-prefix fallback checks, and falls back safely to `/bin/sh` when validation fails. The dangerous env-var policy now also blocks `SHELL` overrides.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.2.21-2`\n- Latest published vulnerable version: `2026.2.21-2`\n- Patched versions (planned next release): `\u003e= 2026.2.22`\n\n## Fix Commit(s)\n- `25e89cc86338ef475d26be043aa541dfdb95e52a`\n\n## Release Process Note\nThe advisory pre-sets `patched_versions` to the planned next release (`2026.2.22`). After that npm release is published, maintainers can publish this advisory without further version-field edits.\n\nOpenClaw thanks @athuljayaram for reporting.",
"id": "GHSA-f8mp-vj46-cq8v",
"modified": "2026-03-25T18:44:27Z",
"published": "2026-03-03T19:52:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f8mp-vj46-cq8v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32032"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/25e89cc86338ef475d26be043aa541dfdb95e52a"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-shell-execution-via-unvalidated-shell-environment-variable"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw\u0027s shell env fallback trusts unvalidated SHELL path from host environment"
}
Mitigation
Strategy: Attack Surface Reduction
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Mitigation
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Mitigation
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Mitigation
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Mitigation
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.