16 matches found
CVE-2026-50076
CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...
GHSA-8P4X-WR7X-3788 python-liquid: Absolute paths escape filesystem loader search path
Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the resolveURI function while performing directory validation when the configuration value livy.file.local-dir-whitelist is set to a non-default value. An attacker can gain unauthorized access to arbitrary...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...
CVE-2025-67366
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...
GHSA-62G9-6HW5-RWFP Path Traversal in resolve-path
Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for Windows-based paths. Recommendation Update to version 1.4.0 or later...
koa-static-security (>=0.0.3 <=0.0.7) potentially affected by CVE-2018-3732 via resolve-path (=1.3.3)
resolve-path NPM version =1.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on resolve-path and may be impacted: - koa-static-security >=0.0.3, <=0.0.7 Source cves: CVE-2018-3732 Source advisory: OSV:GHSA-62G9-6HW5-RWFP...
Path Traversal in resolve-path
Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for Windows-based paths. Recommendation Update to version 1.4.0 or later...
resolve-path path traversal vulnerability
resolve-path is a module for resolving and validating relative paths to the root path. A path traversal vulnerability exists in resolve-path versions prior to 1.4.0, which stems from the program's lack of detection of paths with special strings. An attacker can exploit this vulnerability to read...
CVE-2018-3732
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path...
CVE-2018-3732
The CVE-2018-3732 issue affects the resolve-path Node.js module prior to version 1.4.0. It suffers from a path traversal vulnerability due to insufficient validation of certain special-character paths, enabling a malicious user to read contents of files at known paths. Public reports across NVD, ...
PT-2018-16156 · Node · Resolve-Path
Name of the Vulnerable Software and Affected Versions: resolve-path versions prior to 1.4.0 Description: The issue arises from a lack of validation of paths containing certain special characters in the resolve-path node module, allowing a malicious user to read the content of any file with a know...
Path Traversal
Overview Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for Windows-based paths. Recommendation Update to version 1.4.0 or later. References - HackerOne Report - GitHub Advisory...
Path Traversal
resolve-path is vulnerable to path traversal attacks. A malicious user can access areas outside of the intended target directory by using a URL containing ../...
Node.js third-party modules: Path Traversal on Resolve-Path
The author of resolve-path told me that I can submit this here. The vulnerability was already reported to the author and got fixed! Module module name: resolve-path version: 1.3.3 npm page: https://www.npmjs.com/package/resolve-path Description Resolve a relative path against a root path with...