Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1990 vulnerabilities reference this CWE, most recent first.

GHSA-28F2-GW74-5CPJ

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2025-04-20 03:49
VLAI
Details

The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-01T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.",
  "id": "GHSA-28f2-gw74-5cpj",
  "modified": "2025-04-20T03:49:23Z",
  "published": "2022-05-13T01:27:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15357"
    },
    {
      "type": "WEB",
      "url": "https://m4.rkw.io/blog/cve201715357-local-root-privesc-in-arq-backup--596.html"
    },
    {
      "type": "WEB",
      "url": "https://www.arqbackup.com/download/arq5_release_notes.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43218"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-28FH-4J57-CC4W

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27
VLAI
Details

A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24556"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-01T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.",
  "id": "GHSA-28fh-4j57-cc4w",
  "modified": "2022-05-24T17:27:08Z",
  "published": "2022-05-24T17:27:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24556"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000263632"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000263633"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000267260"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-28M8-9J7V-X499

Vulnerability from github – Published: 2022-09-16 19:28 – Updated: 2022-09-22 17:28
VLAI
Summary
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Details

Impact

Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked.

Patches

The issue has been resolved in https://github.com/tauri-apps/tauri/pull/5123 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined scope.

Workarounds

Disable the readDir endpoint in the allowlist inside the tauri.conf.json.

For more information

This issue was initially reported by martin-ocasek in #4882.

If you have any questions or comments about this advisory: * Open an issue in tauri * Email us at security@tauri.app

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "tauri"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T19:28:49Z",
    "nvd_published_at": "2022-09-15T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nDue to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked.\n\n\n### Patches\nThe issue has been resolved in https://github.com/tauri-apps/tauri/pull/5123 and the implementation now properly checks if the\nrequested (sub) directory is a symbolic link outside of the defined `scope`.\n\n### Workarounds\nDisable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.\n\n### For more information\n\nThis issue was initially reported by [martin-ocasek]( https://github.com/martin-ocasek) in [#4882](https://github.com/tauri-apps/tauri/issues/4882).\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [tauri](https://github.com/tauri-apps/tauri)\n* Email us at [security@tauri.app](mailto:security@tauri.app)\n",
  "id": "GHSA-28m8-9j7v-x499",
  "modified": "2022-09-22T17:28:05Z",
  "published": "2022-09-16T19:28:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tauri-apps/tauri/issues/4882"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tauri-apps/tauri/pull/5123"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tauri-apps/tauri/commit/bb178829086e80916f9be190f02d83bc25802799"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tauri-apps/tauri"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.6"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0088.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Tauri\u0027s readDir Endpoint Scope can be Bypassed With Symbolic Links"
}

GHSA-28XP-G7F6-7MHF

Vulnerability from github – Published: 2022-05-14 03:49 – Updated: 2023-10-10 16:33
VLAI
Summary
Syncthing vulnerable to symlink traversal and arbitrary file overwrite
Details

Syncthing version 0.14.33 and older erronously versions symlinks when they are deleted. If a directory is then created with the same name, a file created in that directory, and the file deleted, it is moved into the symlink target. This can lead to symlink traversal resulting in arbitrary file overwrite.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/syncthing/syncthing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.14.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-1000420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-26T22:17:40Z",
    "nvd_published_at": "2018-01-02T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Syncthing version 0.14.33 and older erronously versions symlinks when they are deleted. If a directory is then created with the same name, a file created in that directory, and the file deleted, it is moved into the symlink target. This can lead to symlink traversal resulting in arbitrary file overwrite.",
  "id": "GHSA-28xp-g7f6-7mhf",
  "modified": "2023-10-10T16:33:31Z",
  "published": "2022-05-14T03:49:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000420"
    },
    {
      "type": "WEB",
      "url": "https://github.com/syncthing/syncthing/issues/4286"
    },
    {
      "type": "WEB",
      "url": "https://github.com/syncthing/syncthing/commit/f1f21bf22020d9b881478c2e942ba6943c8da2f3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/syncthing/syncthing"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Syncthing vulnerable to symlink traversal and arbitrary file overwrite"
}

GHSA-293M-43XJ-42H4

Vulnerability from github – Published: 2022-05-14 02:44 – Updated: 2022-05-14 02:44
VLAI
Details

Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-2027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-24T19:30:00Z",
    "severity": "LOW"
  },
  "details": "Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.",
  "id": "GHSA-293m-43xj-42h4",
  "modified": "2022-05-14T02:44:34Z",
  "published": "2022-05-14T02:44:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2027"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=127380255201760\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39805"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511298/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-296J-R9GR-7W2C

Vulnerability from github – Published: 2024-08-28 06:30 – Updated: 2024-08-28 06:30
VLAI
Details

Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-28T06:15:03Z",
    "severity": "MODERATE"
  },
  "details": "Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.",
  "id": "GHSA-296j-r9gr-7w2c",
  "modified": "2024-08-28T06:30:31Z",
  "published": "2024-08-28T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43078"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000217981/dsa-2023-362-security-update-for-dell-dock-firmware-and-dell-client-platform-for-an-improper-link-resolution-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29FV-9Q46-Q5G2

Vulnerability from github – Published: 2026-06-10 12:33 – Updated: 2026-06-10 21:31
VLAI
Details

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-10T10:16:31Z",
    "severity": "MODERATE"
  },
  "details": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.",
  "id": "GHSA-29fv-9q46-q5g2",
  "modified": "2026-06-10T21:31:36Z",
  "published": "2026-06-10T12:33:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11853"
    },
    {
      "type": "WEB",
      "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e"
    },
    {
      "type": "WEB",
      "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103"
    },
    {
      "type": "WEB",
      "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1484"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29J9-2P84-4F27

Vulnerability from github – Published: 2022-11-23 18:30 – Updated: 2022-11-28 18:30
VLAI
Details

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1143"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-23T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).",
  "id": "GHSA-29j9-2p84-4f27",
  "modified": "2022-11-28T18:30:15Z",
  "published": "2022-11-23T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1143"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/264577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29Q4-GXJQ-RX5C

Vulnerability from github – Published: 2021-02-10 02:31 – Updated: 2021-02-10 01:48
VLAI
Summary
Remote Code Execution in SCIMono
Details

Impact

It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.

Patches

The issue was fixed on 0.0.19 version

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.scimono:scimono-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21479"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-62",
      "CWE-690",
      "CWE-74",
      "CWE-77",
      "CWE-917"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-02-10T01:48:45Z",
    "nvd_published_at": "2021-02-09T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nIt is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.\n\n### Patches\nThe issue was fixed on  [0.0.19 version](https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19)",
  "id": "GHSA-29q4-gxjq-rx5c",
  "modified": "2021-02-10T01:48:45Z",
  "published": "2021-02-10T02:31:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21479"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAP/scimono/commit/413b5d75fa94e77876af0e47be76475a23745b80"
    },
    {
      "type": "WEB",
      "url": "https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Remote Code Execution in SCIMono"
}

GHSA-29XC-2RHM-5F2Q

Vulnerability from github – Published: 2024-04-04 09:30 – Updated: 2025-06-30 15:30
VLAI
Details

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-04T08:15:06Z",
    "severity": "HIGH"
  },
  "details": "The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.",
  "id": "GHSA-29xc-2rhm-5f2q",
  "modified": "2025-06-30T15:30:32Z",
  "published": "2024-04-04T09:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29007"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.