CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1990 vulnerabilities reference this CWE, most recent first.
GHSA-28F2-GW74-5CPJ
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2025-04-20 03:49The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
{
"affected": [],
"aliases": [
"CVE-2017-15357"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-01T17:29:00Z",
"severity": "HIGH"
},
"details": "The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.",
"id": "GHSA-28f2-gw74-5cpj",
"modified": "2025-04-20T03:49:23Z",
"published": "2022-05-13T01:27:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15357"
},
{
"type": "WEB",
"url": "https://m4.rkw.io/blog/cve201715357-local-root-privesc-in-arq-backup--596.html"
},
{
"type": "WEB",
"url": "https://www.arqbackup.com/download/arq5_release_notes.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/43218"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-28FH-4J57-CC4W
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
{
"affected": [],
"aliases": [
"CVE-2020-24556"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-01T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.",
"id": "GHSA-28fh-4j57-cc4w",
"modified": "2022-05-24T17:27:08Z",
"published": "2022-05-24T17:27:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24556"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000263633"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000267260"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-28M8-9J7V-X499
Vulnerability from github – Published: 2022-09-16 19:28 – Updated: 2022-09-22 17:28Impact
Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked.
Patches
The issue has been resolved in https://github.com/tauri-apps/tauri/pull/5123 and the implementation now properly checks if the
requested (sub) directory is a symbolic link outside of the defined scope.
Workarounds
Disable the readDir endpoint in the allowlist inside the tauri.conf.json.
For more information
This issue was initially reported by martin-ocasek in #4882.
If you have any questions or comments about this advisory: * Open an issue in tauri * Email us at security@tauri.app
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "tauri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39215"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T19:28:49Z",
"nvd_published_at": "2022-09-15T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nDue to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked.\n\n\n### Patches\nThe issue has been resolved in https://github.com/tauri-apps/tauri/pull/5123 and the implementation now properly checks if the\nrequested (sub) directory is a symbolic link outside of the defined `scope`.\n\n### Workarounds\nDisable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.\n\n### For more information\n\nThis issue was initially reported by [martin-ocasek]( https://github.com/martin-ocasek) in [#4882](https://github.com/tauri-apps/tauri/issues/4882).\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [tauri](https://github.com/tauri-apps/tauri)\n* Email us at [security@tauri.app](mailto:security@tauri.app)\n",
"id": "GHSA-28m8-9j7v-x499",
"modified": "2022-09-22T17:28:05Z",
"published": "2022-09-16T19:28:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39215"
},
{
"type": "WEB",
"url": "https://github.com/tauri-apps/tauri/issues/4882"
},
{
"type": "WEB",
"url": "https://github.com/tauri-apps/tauri/pull/5123"
},
{
"type": "WEB",
"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"
},
{
"type": "WEB",
"url": "https://github.com/tauri-apps/tauri/commit/bb178829086e80916f9be190f02d83bc25802799"
},
{
"type": "PACKAGE",
"url": "https://github.com/tauri-apps/tauri"
},
{
"type": "WEB",
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.6"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2022-0088.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Tauri\u0027s readDir Endpoint Scope can be Bypassed With Symbolic Links"
}
GHSA-28XP-G7F6-7MHF
Vulnerability from github – Published: 2022-05-14 03:49 – Updated: 2023-10-10 16:33Syncthing version 0.14.33 and older erronously versions symlinks when they are deleted. If a directory is then created with the same name, a file created in that directory, and the file deleted, it is moved into the symlink target. This can lead to symlink traversal resulting in arbitrary file overwrite.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/syncthing/syncthing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.14.33"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-1000420"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-26T22:17:40Z",
"nvd_published_at": "2018-01-02T19:29:00Z",
"severity": "HIGH"
},
"details": "Syncthing version 0.14.33 and older erronously versions symlinks when they are deleted. If a directory is then created with the same name, a file created in that directory, and the file deleted, it is moved into the symlink target. This can lead to symlink traversal resulting in arbitrary file overwrite.",
"id": "GHSA-28xp-g7f6-7mhf",
"modified": "2023-10-10T16:33:31Z",
"published": "2022-05-14T03:49:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000420"
},
{
"type": "WEB",
"url": "https://github.com/syncthing/syncthing/issues/4286"
},
{
"type": "WEB",
"url": "https://github.com/syncthing/syncthing/commit/f1f21bf22020d9b881478c2e942ba6943c8da2f3"
},
{
"type": "PACKAGE",
"url": "https://github.com/syncthing/syncthing"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Syncthing vulnerable to symlink traversal and arbitrary file overwrite"
}
GHSA-293M-43XJ-42H4
Vulnerability from github – Published: 2022-05-14 02:44 – Updated: 2022-05-14 02:44Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.
{
"affected": [],
"aliases": [
"CVE-2010-2027"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-05-24T19:30:00Z",
"severity": "LOW"
},
"details": "Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.",
"id": "GHSA-293m-43xj-42h4",
"modified": "2022-05-14T02:44:34Z",
"published": "2022-05-14T02:44:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2027"
},
{
"type": "WEB",
"url": "http://marc.info/?l=full-disclosure\u0026m=127380255201760\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39805"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/511298/100/0/threaded"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-296J-R9GR-7W2C
Vulnerability from github – Published: 2024-08-28 06:30 – Updated: 2024-08-28 06:30Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2023-43078"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-28T06:15:03Z",
"severity": "MODERATE"
},
"details": "Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.",
"id": "GHSA-296j-r9gr-7w2c",
"modified": "2024-08-28T06:30:31Z",
"published": "2024-08-28T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43078"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000217981/dsa-2023-362-security-update-for-dell-dock-firmware-and-dell-client-platform-for-an-improper-link-resolution-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29FV-9Q46-Q5G2
Vulnerability from github – Published: 2026-06-10 12:33 – Updated: 2026-06-10 21:31Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.
{
"affected": [],
"aliases": [
"CVE-2026-11853"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T10:16:31Z",
"severity": "MODERATE"
},
"details": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.",
"id": "GHSA-29fv-9q46-q5g2",
"modified": "2026-06-10T21:31:36Z",
"published": "2026-06-10T12:33:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11853"
},
{
"type": "WEB",
"url": "https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e"
},
{
"type": "WEB",
"url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103"
},
{
"type": "WEB",
"url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1484"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-29J9-2P84-4F27
Vulnerability from github – Published: 2022-11-23 18:30 – Updated: 2022-11-28 18:30An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
{
"affected": [],
"aliases": [
"CVE-2009-1143"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-23T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).",
"id": "GHSA-29j9-2p84-4f27",
"modified": "2022-11-28T18:30:15Z",
"published": "2022-11-23T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1143"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/264577"
},
{
"type": "WEB",
"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29Q4-GXJQ-RX5C
Vulnerability from github – Published: 2021-02-10 02:31 – Updated: 2021-02-10 01:48Impact
It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.
Patches
The issue was fixed on 0.0.19 version
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.scimono:scimono-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21479"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-62",
"CWE-690",
"CWE-74",
"CWE-77",
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2021-02-10T01:48:45Z",
"nvd_published_at": "2021-02-09T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nIt is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.\n\n### Patches\nThe issue was fixed on [0.0.19 version](https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19)",
"id": "GHSA-29q4-gxjq-rx5c",
"modified": "2021-02-10T01:48:45Z",
"published": "2021-02-10T02:31:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21479"
},
{
"type": "WEB",
"url": "https://github.com/SAP/scimono/commit/413b5d75fa94e77876af0e47be76475a23745b80"
},
{
"type": "WEB",
"url": "https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Remote Code Execution in SCIMono"
}
GHSA-29XC-2RHM-5F2Q
Vulnerability from github – Published: 2024-04-04 09:30 – Updated: 2025-06-30 15:30The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
{
"affected": [],
"aliases": [
"CVE-2024-29007"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-04T08:15:06Z",
"severity": "HIGH"
},
"details": "The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.",
"id": "GHSA-29xc-2rhm-5f2q",
"modified": "2025-06-30T15:30:32Z",
"published": "2024-04-04T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29007"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.