
CWE-36 (Absolute Path Traversal): Vulnerability Class, 106 CVEs

106 vulnerabilities classified as CWE-36 (Absolute Path Traversal). AI Chinese-language analysis included.

CWE-36 is the absolute-path variant of path traversal: the product builds a file path from external input but does not neutralize absolute path sequences such as "/abs/path", so an attacker can supply a complete path (for example /etc/passwd or C:\Windows\win.ini) and have it resolved outside the intended directory without using a single "../" sequence. The usual root cause is a path-joining call that silently discards everything before an absolute component, so simply prepending a base directory gives no protection. Attackers exploit this by injecting absolute paths into user-controlled parameters such as file names, download identifiers or upload targets, then reading or overwriting files the application was never meant to touch. To prevent it, reject absolute input outright, canonicalize the joined path (resolving ".." and symbolic links) before checking it, and verify containment with a path-aware comparison against an allow-listed root rather than a plain string-prefix test. Secure file APIs that confine resolution to a base directory, with chroot jails or containers as a second layer, limit the damage if a check is ever bypassed.

MITRE CWE Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Common Consequences (4)
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands.
The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.

Scope: Integrity. Impact: Modify Files or Directories.
The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow …

Scope: Confidentiality. Impact: Read Files or Directories.
The attacker may be able to read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing a…

Scope: Availability. Impact: DoS: Crash, Exit, or Restart.
The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the product from working at all and, in the case of a protection mechanism such as authentication, it has the potential to lock out every user of the pr…
Mitigations (3)
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High

Phase: Implementation. Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

Phase: Operation. Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
Effectiveness: Moderate
Examples (2)
In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.

    import java.io.File;

    // The property value is used as-is: an absolute path stored in it is opened
    // without any check that it lies inside the intended dictionary directory.
    String filename = System.getProperty("com.domain.application.dictionaryFile");
    File dictionaryFile = new File(filename);

Bad · Java

This script intends to read a user-supplied file from the current directory. The user inputs the relative path to the file and the script uses Python's os.path.join() function to combine the path to the current working directory with the provided path to the specified file. This results in an absolute path to the desired file. If the file does not exist when the script attempts to read it, an erro…

    import os
    import sys

    def main():
        filename = sys.argv[1]
        # os.path.join() discards os.getcwd() entirely when filename is absolute,
        # so an argument such as "/etc/passwd" is opened as-is (CWE-36).
        path = os.path.join(os.getcwd(), filename)
        try:
            with open(path, 'r') as f:
                file_data = f.read()
        except FileNotFoundError as e:
            print("Error - file not found")

    main()

Bad · Python

    import os
    import sys

    def main():
        filename = sys.argv[1]
        # String concatenation keeps the cwd prefix even for absolute input, and
        # normpath() collapses any "..", so the prefix test below is meaningful.
        # Caveat: normpath() does not resolve symlinks; os.path.realpath() would.
        # ({filename} is reconstructed here from context: it is the only value
        # the surrounding code can have interpolated at this point.)
        path = os.path.normpath(f"{os.getcwd()}{os.sep}{filename}")
        if path.startswith("/home/cwe/documents/"):
            try:
                with open(path, 'r') as f:
                    file_data = f.read()
            except FileNotFoundError as e:
                print("Error - file not found")

    main()

Good · Python
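The following is an added example, not MITRE's demonstrative code and not code from any product listed on this page. It ties together the summary above, the "decode once, canonicalize, then validate" mitigation, and the "Good" Python example: it shows why os.path.join() is the CWE-36 trap, and then a checker that rejects absolute input, decodes exactly once, resolves ".." and symlinks with os.path.realpath(), and tests containment with os.path.commonpath() instead of str.startswith(). The directory layout it builds in a temporary directory, the probe strings, and the function names are all constructed for this illustration.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the allowed root."""


def vulnerable_join(root: str, user_path: str) -> str:
    """The CWE-36 pattern: os.path.join() drops every earlier component once a
    later one is absolute, so the root directory gives no protection at all."""
    return os.path.join(root, user_path)


def resolve_under_root(root: str, user_path: str) -> str:
    """Return a canonical path inside root, or raise PathTraversalError.

    Order matters:
      1. Decode exactly once (CWE-174 warns against decoding the same input twice).
      2. Reject absolute input outright instead of trusting the join.
      3. Canonicalize with realpath(), which collapses '..' and follows symlinks;
         normpath() alone, as in the MITRE "good" example, leaves symlinks intact.
      4. Check containment with commonpath() rather than str.startswith(), so a
         sibling such as '/srv/docs2' is not accepted as a child of '/srv/docs'.
    """
    decoded = unquote(user_path)
    if os.path.isabs(decoded) or decoded.startswith(("/", "\\")):
        raise PathTraversalError(f"absolute path rejected: {user_path!r}")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, decoded))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathTraversalError(f"path escapes root: {user_path!r}")
    return candidate


def naive_prefix_accepts(root: str, user_path: str) -> bool:
    """The common str.startswith() mistake, kept only to contrast with commonpath()."""
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, unquote(user_path)))
    return candidate.startswith(real_root)


def build_demo_tree() -> tuple:
    """Constructed sandbox (hypothetical layout, created in a temp directory):
    <base>/docs              the allowed root
    <base>/docs/sub/report.txt
    <base>/docs/link    ->   <base>/secret.txt   (symlink pointing outside)
    <base>/docs2             sibling whose name shares the root's prefix
    <base>/secret.txt        file that must stay unreachable
    """
    base = tempfile.mkdtemp(prefix="cwe36_")
    root = os.path.join(base, "docs")
    os.makedirs(os.path.join(root, "sub"))
    os.makedirs(os.path.join(base, "docs2"))
    with open(os.path.join(root, "sub", "report.txt"), "w") as f:
        f.write("inside root\n")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("outside root\n")
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link"))
    return base, root


def classify(root: str, user_path: str) -> str:
    """'ok:<path relative to root>' when accepted, 'rejected' when blocked."""
    try:
        resolved = resolve_under_root(root, user_path)
    except PathTraversalError:
        return "rejected"
    return "ok:" + os.path.relpath(resolved, os.path.realpath(root))


def run_demo() -> dict:
    """Run the constructed probes against the sandbox and return the verdicts."""
    base, root = build_demo_tree()
    try:
        probes = [
            "sub/report.txt",          # legitimate relative request
            "/etc/passwd",             # CWE-36: absolute path, no '../' needed
            "../secret.txt",           # CWE-23 style relative traversal
            "%2e%2e/secret.txt",       # URL-encoded '..', decoded once then caught
            "%252e%252e/secret.txt",   # double-encoded: stays a literal dir name
            "link",                    # symlink escape, visible only via realpath()
            "../docs2/x.txt",          # sibling directory with a shared prefix
        ]
        results = {p: classify(root, p) for p in probes}
        results["vulnerable_join"] = vulnerable_join(root, "/etc/passwd")
        results["naive_accepts_sibling"] = naive_prefix_accepts(root, "../docs2/x.txt")
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for probe, verdict in run_demo().items():
        print(f"{probe!r:28} -> {verdict}")
```

Two behaviours are worth noticing when running it. The double-encoded probe is accepted, but as a literal directory named "%2e%2e" under the root, which is exactly what decode-once buys you: a second decode would have turned it into ".." after validation. And the sibling probe "../docs2/x.txt" is rejected by commonpath() yet accepted by the startswith() variant, because the root path without a trailing separator is a string prefix of its sibling.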
Listed entries (30 of the 106 on this page); CVSS and severity values tagged (AI) come from the site's AI analysis.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-10651 | CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal | IDExpert | 4.9 | Medium | 2024-11-01
CVE-2024-47883 | Butterfly has path/URL confusion in resource handling leading to multiple weaknesses | simile-butterfly | 9.1 | Critical | 2024-10-24
CVE-2024-20379 | Cisco Secure Firewall Management Center Security Vulnerability | Cisco Firepower Management Center | 6.5 | Medium | 2024-10-23
CVE-2024-9924 | Hgiga OAKlouds - Arbitrary File Read And Delete | OAKlouds | 9.8 | Critical | 2024-10-14
CVE-2024-45290 | Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet | PhpSpreadsheet | 7.7 | High | 2024-10-07
CVE-2024-45291 | Path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheet | PhpSpreadsheet | 6.3 | Medium | 2024-10-07
CVE-2024-8497 | Franklin Fueling Systems TS-550 EVO Absolute Path Traversal | TS-550 EVO | 7.5 | High | 2024-09-24
CVE-2024-8778 | The SYSCOM Group OMFLOW - Arbitrary File Read | OMFLOW | 6.5 | Medium | 2024-09-16
CVE-2024-7323 | Digiwin EasyFlow .NET - Arbitrary File Download | EasyFlow .NET | 6.5 | Medium | 2024-08-02
CVE-2024-20401 | Cisco Secure Email Security Vulnerability | Cisco Secure Email | 9.8 | Critical | 2024-07-17
CVE-2024-6250 | Absolute Path Traversal in parisneo/lollms-webui | parisneo/lollms-webui | 7.5 (AI) | High (AI) | 2024-06-27
CVE-2024-4881 | Path Traversal in parisneo/lollms | parisneo/lollms | 9.1 (AI) | Critical (AI) | 2024-06-06
CVE-2024-2362 | Path Traversal in parisneo/lollms-webui | parisneo/lollms-webui | 9.1 (AI) | Critical (AI) | 2024-06-06
CVE-2024-2548 | Path Traversal in parisneo/lollms-webui | parisneo/lollms-webui | 6.2 (AI) | Medium (AI) | 2024-06-06
CVE-2023-41830 | Motorola Ready For Security Vulnerability | Phones | 6.5 | Medium | 2024-05-03
CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Microsoft Defender for IoT | 8.8 | High | 2024-04-09
CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Microsoft Defender for IoT | 8.8 | High | 2024-04-09
CVE-2024-1703 | ZhongBangKeJi CRMEB openfile absolute path traversal | CRMEB | 3.5 | Low | 2024-02-21
CVE-2023-50955 | IBM InfoSphere Information Server information disclosure | InfoSphere Information Server | 2.4 | Low | 2024-02-21
CVE-2023-5390 | Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC Security Vulnerability | ControlEdge UOC | 5.3 | Medium | 2024-01-31
CVE-2023-30970 | Gotham table and Forward App Path traversal | com.palantir.gotham:blackbird-witchcraft | 6.5 | Medium | 2024-01-29
CVE-2023-5115 | Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files | Red Hat Ansible Automation Platform 2.3 for RHEL 8 | 6.3 | Medium | 2023-12-18
CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | Skype for Business Server 2015 CU13 | 7.2 | High | 2023-10-10
CVE-2023-5022 | DedeCMS select_templets_post.php absolute path traversal | DedeCMS | 5.5 | Medium | 2023-09-17
CVE-2023-40597 | Absolute Path Traversal in Splunk Enterprise Using runshellscript.py | Splunk Enterprise | 7.8 | High | 2023-08-30
CVE-2023-4172 | Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx absolute path traversal | Flash Flood Disaster Monitoring and Warning System | 4.3 | Medium | 2023-08-05
CVE-2023-3765 | Absolute Path Traversal in mlflow/mlflow | mlflow/mlflow | 4.3 | - | 2023-07-19
CVE-2023-34135 | SonicWALL Analytics and GMS Path Traversal Vulnerability | GMS | 6.5 | - | 2023-07-13
CVE-2023-32054 | Volume Shadow Copy Elevation of Privilege Vulnerability | Windows 10 Version 1809 | 7.3 | High | 2023-07-11
CVE-2023-2765 | Weaver OA downfile.php absolute path traversal | OA | 4.3 | Medium | 2023-05-17

Vulnerabilities classified as CWE-36 (Absolute Path Traversal) account for 106 CVEs. The CWE taxonomy describes the weakness only; review the individual CVEs for product-specific impact, affected versions and fixes.