Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
Extended Description
This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
CVE vulnerabilities with CWE-36 (128)
10.0
CVSS
CRITICAL
CVE-2025-34392
pub. 2025-12-10
10.0
CVSS
CRITICAL
CVE-2023-3765
pub. 2023-07-19
9.9
CVSS
CRITICAL
CVE-2022-24877
pub. 2022-05-06
9.8
CVSS
CRITICAL
CVE-2024-10811
pub. 2025-01-14
9.8
CVSS
CRITICAL
CVE-2024-13159
pub. 2025-01-14🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2024-13160
pub. 2025-01-14🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2024-13161
pub. 2025-01-14🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2024-9924
pub. 2024-10-14
9.8
CVSS
CRITICAL
CVE-2024-20401
pub. 2024-07-17
9.3
CVSS
CRITICAL
CVE-2025-0851
pub. 2025-01-29
9.3
CVSS
CRITICAL
CVE-2024-51549
pub. 2024-12-05
9.1
CVSS
CRITICAL
CVE-2024-10831
pub. 2025-03-20
9.1
CVSS
CRITICAL
CVE-2024-10833
pub. 2025-03-20
9.1
CVSS
CRITICAL
CVE-2024-47883
pub. 2024-10-24
9.1
CVSS
CRITICAL
CVE-2024-2362
pub. 2024-06-06
8.8
CVSS
HIGH
CVE-2026-26337
pub. 2026-02-19
8.8
CVSS
HIGH
CVE-2025-7846
pub. 2025-10-31
8.8
CVSS
HIGH
CVE-2025-6381
pub. 2025-06-28
8.8
CVSS
HIGH
CVE-2024-8501
pub. 2025-03-20
8.8
CVSS
HIGH
CVE-2024-21323
pub. 2024-04-09
Showing 20 of 128 vulnerabilities