The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
110 vulnerabilities with CWE-24
CVE-2021-3710 (MEDIUM, CVSS 6.5): apport - Information Disclosure via Path Traversal in read_file()
CVE-2021-29466 (MEDIUM, CVSS 6.5): discord-recon < 0.0.4 - Path Traversal
CVE-2021-26725 (HIGH, CVSS 7.2): Nozominetworks Central Management Control < 19.0.12 - Path Traversal
CVE-2020-7882 (HIGH, CVSS 7.5): Hancom AnySign4PC - Path Traversal and Arbitrary File Deletion via getPFXFolderList Parameter
CVE-2020-8568 (MEDIUM, CVSS 5.8): Kubernetes Secrets Store CSI Driver 0.0.15-0.0.16 - Path Traversal & Arbitrary File Write
CVE-2020-8567 (MEDIUM, CVSS 4.9): Google Secret Manager Provider For Secret Store Csi Driver < 0.2.0 - Path Traversal
CVE-2020-9708 (MEDIUM, CVSS 5.9): Adobe Git Server < 1.3.1 - Path Traversal via resolveRepositoryPath
CVE-2019-25087 (MEDIUM, CVSS 5.3): RamseyK httpserver - Path Traversal
CVE-2018-25094 (LOW, CVSS 3.5): Online Accounting System <=1.4.0 - Path Traversal
CVE-2014-125033 (LOW, CVSS 3.5): rails-cv-app < 2014-11-16 - Path Traversal via Uploaded Files Controller