Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir\..\..\filename' (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory.
CVE vulnerabilities with CWE-31 (11)
9.9
CVSS
CRITICAL
CVE-2024-2044
pub. 2024-03-07
8.8
CVSS
HIGH
CVE-2024-41376
pub. 2024-08-05
8.8
CVSS
HIGH
CVE-2024-24998
pub. 2024-04-19
8.1
CVSS
HIGH
CVE-2024-28088
pub. 2024-03-04
7.5
CVSS
HIGH
CVE-2024-36857
pub. 2024-06-04
7.5
CVSS
HIGH
CVE-2024-35431
pub. 2024-05-30
7.5
CVSS
HIGH
CVE-2019-6268
pub. 2024-03-08
7.5
CVSS
HIGH
CVE-2024-25840
pub. 2024-02-27
6.5
CVSS
MEDIUM
CVE-2024-35429
pub. 2024-05-30
5.3
CVSS
MEDIUM
CVE-2023-35860
pub. 2024-06-13
4.9
CVSS
MEDIUM
CVE-2024-22723
pub. 2024-02-28