CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22
CVE-2022-31572 CRITICAL
ceeceevip/cockybook <2015-04-16 - Path Traversal
CVSS 9.3
CVE-2022-31571 CRITICAL
Python-Flask-Restful-API <2019-09-16 - Path Traversal
CVSS 9.3
CVE-2022-31570 CRITICAL
adriankoczuruek/ceneo-web-scrapper <2021-03-15 - Path Traversal
CVSS 9.8
CVE-2022-31568 CRITICAL
Rexians/rex-web <2022-06-05 - Path Traversal
CVSS 9.3
CVE-2022-31567 CRITICAL
DSABenchmark/DSAB <2.1 - Path Traversal
CVSS 9.3
CVE-2022-31566 HIGH
DSAB-local/DSAB <2019-02-18 - Path Traversal
CVSS 8.6
CVE-2022-31565 CRITICAL
yogson/syrabond <2020-05-25 - Path Traversal
CVSS 9.3
CVE-2022-31564 CRITICAL
woduq1414/munhak-moa <2022-05-03 - Path Traversal
CVSS 9.3
CVE-2022-31563 CRITICAL
whmacmac/vprj <2022-04-06 - Path Traversal
CVSS 9.3
CVE-2022-31562 CRITICAL
Waveyan Internship System <2018-05-22 - Path Traversal
CVSS 9.3
CVE-2022-31561 CRITICAL
varijkapil13/Sphere_ImageBackend <2019-10-03 - Path Traversal
CVSS 9.3
CVE-2022-31560 CRITICAL
UncleYiba/photo_tag <2020-08-31 - Path Traversal
CVSS 9.3
CVE-2022-31559 CRITICAL
tsileo/flask-yeoman <2013-09-13 - Path Traversal
CVSS 9.3
CVE-2022-31558 CRITICAL
Tooxie/Shiva-Server <0.10.0 - Path Traversal
CVSS 9.3
CVE-2022-31557 CRITICAL
seveas/golem <2016-05-17 - Path Traversal
CVSS 9.3
CVE-2022-31556 CRITICAL
rusyasoft/TrainEnergyServer <2017-08-03 - Path Traversal
CVSS 9.3
CVE-2022-31555 CRITICAL
Romain20100/NurseQuest <2018-02-22 - Path Traversal
CVSS 9.3
CVE-2022-31554 CRITICAL
rohitnayak/movie-review-sentiment-analysis <2017-05-07 - Path Trave...
CVSS 9.3
CVE-2022-31553 CRITICAL
rainsoupah/sleep-learner <2021-02-21 - Path Traversal
CVSS 9.3
CVE-2022-31552 CRITICAL
project-anuvaad/anuvaad-corpus <2020-11-23 - Path Traversal
CVSS 9.3
CVE-2022-31551 CRITICAL
pleomax00/flask-mongo-skel <2012-11-01 - Path Traversal
CVSS 9.3
CVE-2022-31550 CRITICAL
olmax99/pyathenastack <2019-11-08 - Path Traversal
CVSS 9.3
CVE-2022-31549 CRITICAL
olmax99/helm-flask-celery <2022-05-25 - Path Traversal
CVSS 9.3
CVE-2022-31548 CRITICAL
nrlakin/homepage <2017-03-06 - Path Traversal
CVSS 9.3
CVE-2022-31547 CRITICAL
noamezekiel/sphere <2020-05-31 - Path Traversal
CVSS 9.3
Details
Vulnerabilities 9,220
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits