Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1986 vulnerabilities reference this CWE, most recent first.

GHSA-X8V2-49FM-H484

Vulnerability from github – Published: 2022-05-01 23:44 – Updated: 2022-05-01 23:44
VLAI
Details

aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-1901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-22T04:41:00Z",
    "severity": "HIGH"
  },
  "details": "aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.",
  "id": "GHSA-x8v2-49fm-h484",
  "modified": "2022-05-01T23:44:42Z",
  "published": "2022-05-01T23:44:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1901"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41956"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476588"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X937-7247-33M3

Vulnerability from github – Published: 2022-05-01 23:46 – Updated: 2025-04-09 03:54
VLAI
Details

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-2052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-02T17:05:00Z",
    "severity": "MODERATE"
  },
  "details": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.",
  "id": "GHSA-x937-7247-33m3",
  "modified": "2025-04-09T03:54:13Z",
  "published": "2022-05-01T23:46:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2052"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
    },
    {
      "type": "WEB",
      "url": "http://holisticinfosec.org/content/view/62/45"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9MQ-H652-RW6X

Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33
VLAI
Details

Microsoft Office Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T02:04:30Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Office Elevation of Privilege Vulnerability",
  "id": "GHSA-x9mq-h652-rw6x",
  "modified": "2024-12-12T03:33:04Z",
  "published": "2024-12-12T03:33:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49059"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49059"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9MV-RGR7-FXHP

Vulnerability from github – Published: 2026-05-21 09:32 – Updated: 2026-05-21 09:32
VLAI
Details

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-21T08:16:20Z",
    "severity": "HIGH"
  },
  "details": "An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.",
  "id": "GHSA-x9mv-rgr7-fxhp",
  "modified": "2026-05-21T09:32:08Z",
  "published": "2026-05-21T09:32:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44051"
    },
    {
      "type": "WEB",
      "url": "https://netatalk.io/security/CVE-2026-44051"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XC75-CC6Q-49FG

Vulnerability from github – Published: 2025-05-30 00:31 – Updated: 2025-05-31 00:30
VLAI
Details

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-29T22:15:21Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation.",
  "id": "GHSA-xc75-cc6q-49fg",
  "modified": "2025-05-31T00:30:28Z",
  "published": "2025-05-30T00:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31198"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122373"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122374"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122375"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCM7-PMG9-8WJQ

Vulnerability from github – Published: 2026-07-08 21:30 – Updated: 2026-07-08 21:30
VLAI
Details

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T20:16:47Z",
    "severity": "MODERATE"
  },
  "details": "The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1.",
  "id": "GHSA-xcm7-pmg9-8wjq",
  "modified": "2026-07-08T21:30:27Z",
  "published": "2026-07-08T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14361"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2026-20-consul-template-vulnerable-to-path-redirections-in-writetofile/77559"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XF75-659H-CGG5

Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-04-29 22:58
VLAI
Summary
uutils coreutils has a Link Following Issue
Details

A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the contents of the link's target. In environments where a privileged user (e.g., root) monitors a log directory, a local attacker with write access to that directory can replace a log file with a symlink to a sensitive system file (such as /etc/shadow), causing tail to disclose the contents of the sensitive file.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "coreutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T22:58:55Z",
    "nvd_published_at": "2026-04-22T17:16:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the contents of the link\u0027s target. In environments where a privileged user (e.g., root) monitors a log directory, a local attacker with write access to that directory can replace a log file with a symlink to a sensitive system file (such as /etc/shadow), causing tail to disclose the contents of the sensitive file.",
  "id": "GHSA-xf75-659h-cgg5",
  "modified": "2026-04-29T22:58:55Z",
  "published": "2026-04-22T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35345"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/issues/10328"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "uutils coreutils has a Link Following Issue"
}

GHSA-XF7W-R453-M56C

Vulnerability from github – Published: 2019-05-30 17:19 – Updated: 2021-08-04 20:12
VLAI
Summary
Arbitrary File Overwrite in fstream
Details

Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.

Recommendation

Upgrade to version 1.0.12 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "fstream"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-13173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-05-30T17:17:33Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Versions of `fstream` prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system\u0027s file with the contents of the extracted file. The `fstream.DirWriter()` function is vulnerable.\n\n\n## Recommendation\n\nUpgrade to version 1.0.12 or later.",
  "id": "GHSA-xf7w-r453-m56c",
  "modified": "2021-08-04T20:12:16Z",
  "published": "2019-05-30T17:19:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4123-1"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/886"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00052.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary File Overwrite in fstream"
}

GHSA-XFWG-78FH-5FCQ

Vulnerability from github – Published: 2022-05-17 05:53 – Updated: 2022-05-17 05:53
VLAI
Details

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-08T23:30:00Z",
    "severity": "MODERATE"
  },
  "details": "ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.",
  "id": "GHSA-xfwg-78fh-5fcq",
  "modified": "2022-05-17T05:53:18Z",
  "published": "2022-05-17T05:53:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5367"
    },
    {
      "type": "WEB",
      "url": "http://lists.debian.org/debian-devel/2008/08/msg00283.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XG84-CH2X-H237

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2024-04-04 03:04
VLAI
Details

OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-28T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).",
  "id": "GHSA-xg84-ch2x-h237",
  "modified": "2024-04-04T03:04:23Z",
  "published": "2022-05-24T17:40:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8585"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/NTAP-20210128-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.