426 vulnerabilities classified as CWE-59 (在文件访问前对链接解析不恰当(链接跟随)). AI Chinese analysis included.
CWE-59 represents a critical input validation weakness where software fails to properly resolve symbolic links or shortcuts before accessing a file. Attackers typically exploit this vulnerability by crafting malicious links that point to sensitive system files or directories outside the intended scope. When the application resolves these links without adequate checks, it inadvertently grants access to unauthorized resources, potentially leading to data leakage, privilege escalation, or remote code execution. To mitigate this risk, developers must implement rigorous link resolution controls, ensuring that all file paths are canonicalized and verified against a strict allowlist before any I/O operations occur. Utilizing secure API functions that explicitly handle link following, combined with strict permission checks on the final resolved path, effectively prevents attackers from leveraging symlinks to bypass security boundaries and access unintended system components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-9602 | QEMU 权限许可和访问控制漏洞 — Qemu | 8.8 | - | 2018-04-26 |
| CVE-2018-1063 | policycoreutils 后置链接漏洞 — policycoreutils | 6.1 | - | 2018-03-02 |
| CVE-2017-7501 | Red Hat RPM 安全漏洞 — rpm | 7.8 | - | 2017-11-22 |
| CVE-2017-12172 | PostgreSQL 安全漏洞 — postgresql | 6.7 | - | 2017-11-22 |
| CVE-2017-12258 | Cisco Unified Communications Manager 安全漏洞 — Cisco Unified Communications Manager | 6.1 | - | 2017-10-05 |
| CVE-2013-0261 | Packstack: packstack: arbitrary file overwrite via symlink attack — Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | 8.8 | High | 2013-03-08 |
Vulnerabilities classified as CWE-59 (在文件访问前对链接解析不恰当(链接跟随)) represent 426 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.