GHSA-7F4F-P7MQ-P4FV Drupal External URL injection through URL aliases leading to Open Redirect

The path module in Drupal allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url...

PT-2024-40158 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified Description: The issue concerns the path module in Drupal, which allows users with the 'administer paths' permission to create pretty URLs for content. Under certain circumstances, a user can enter a...

SUSE CVE-2005-0448

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452...

SUSE CVE-2008-5303

Race condition in the rmtree function in File::Path 1.08 lib/File/Path.pm in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. ...

SUSE CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2022:3271-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3271-1 advisory. - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers t...

EulerOS 2.0 SP2 : perl-File-Path (EulerOS-SA-2021-2422)

According to the version of the perl-File-Path package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on...

EulerOS 2.0 SP3 : perl-File-Path (EulerOS-SA-2021-1829)

According to the version of the perl-File-Path package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on...

GHSA-8MRF-64FW-2X75 Command injection in fs-path

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

Insecure Configuration

perl allows for insecure configuration. A race condition in the rmtree and removetree functions in the File-Path module allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic...

CVE-2018-7158

It was found that the 'path' module from Node.js was vulnerable to a Regular Expression Denial of Service REDoS flaw. An attacker able to provide a specially crafted file path to a Node.js script could force it to hang indefinitely...

EulerOS Virtualization for ARM 64 3.0.2.0 : perl-File-Path (EulerOS-SA-2020-1187)

According to the version of the perl-File-Path package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attacker...

Drupal 8.x < 8.5.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in content moderation that could lead to an access bypass. - A flaw exists in path module that could allow users with the administer paths to enter a particular...

Drupal 8.6.x < 8.6.2 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in content moderation that could lead to an access bypass. - A flaw exists in path module that could allow users with the administer paths to enter a particular...

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (140a14b5-d615-11e8-b3cb-00e04c1ea73d)

Drupal Security Team reports : he path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.The issue is mitigated by the fact that the user needs the...

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team reports: he path module allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.The issue is mitigated by the fact that the user needs the...

Node.js 'path' Module Regular Expression DoS Vulnerability - Windows

Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

Node.js 'path' Module Regular Expression Denial-of-Service Vulnerability - Mac OS X

Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

CVE-2018-3732

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path...

PT-2018-16156 · Node · Resolve-Path

Name of the Vulnerable Software and Affected Versions: resolve-path versions prior to 1.4.0 Description: The issue arises from a lack of validation of paths containing certain special characters in the resolve-path node module, allowing a malicious user to read the content of any file with a know...