12 matches found

Vulnrichment
added 2026/05/26 7:40 p.m., 2 views

CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

CVSS 5.9, AI score 5.8, EPSS 0.00015
Exploits: 1, References: 1
Cvelist
added 2026/05/26 7:40 p.m., 30 views

CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

CVSS 5.9, EPSS 0.00015
Exploits: 1, References: 1
CVE
added 2026/05/26 7:40 p.m., 6 views

CVE-2026-44837

ViewComponent CVE-2026-44837 affects Rails ViewComponent from 3.0.0 to 4.9.0. Root cause: system test entrypoint uses File.realpath and starts_with to check the path, which is not a safe containment check and allows potential sibling-directory escapes. Impact: could permit access to files outside...

CVSS 7.5, AI score 5.8, EPSS 0.00015
Exploits: 1, References: 1, Affected Software: 1
Github Security Blog
added 2026/05/08 11:33 p.m., 5 views

view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

Summary The system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. Severity: Medium; test-rou...

CVSS 7.5, AI score 5.8, EPSS 0.00015
Exploits: 1, References: 3, Affected Software: 1
RubySec
added 2026/05/08 12:00 a.m., 6 views

view_component - System Test Entry Point Path Check Allows Sibling Directory Escape

The system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. Severity: Medium; test-route scope...

CVSS 7.5, AI score 5.8, EPSS 0.00015
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/04/16 9:14 p.m., 0 views

GHSA-HF5P-Q87M-CRJ7 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Summary A path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Example Given an extraction directory set to /tmp/extract, a crafted archive with an entry...

CVSS 5.9, AI score 5.9, EPSS 0.00055
Exploits: 0, References: 5
NVD
added 2026/04/07 5:16 p.m., 0 views

CVE-2026-35613

coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which...

CVSS 5.1, EPSS 0.00018
Exploits: 1, References: 1
CVE
added 2026/04/07 4:39 p.m., 6 views

CVE-2026-35613

CVE-2026-35613 affects coursevault-preview prior to 0.1.1. The issue arises from a boundary check that uses String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary, permitting a path traversal via a client-controlled relativePath. An attacker could r...

CVSS 5.1, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/02/17 6:09 p.m., 2 views

GO-2026-4494 lakeFS vulnerable to path traversal in local block adapter, allowing cross-namespace and sibling directory access, in github.com/treeverse/lakefs

lakeFS vulnerable to path traversal in local block adapter, allowing cross-namespace and sibling directory access, in github.com/treeverse/lakefs...

CVSS 8.1, AI score 5.5, EPSS 0.00067
Exploits: 0, References: 3
CVE
added 2026/02/13 6:34 p.m., 9 views

CVE-2026-26187

CVE-2026-26187 affects lakeFS before v1.77.0, where the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read/write files outside the configured storage. The verifyRelPath check used strings.HasPrefix without requiring a separator, enabling path traversal to sibling ...

CVSS 8.1, AI score 5.5, EPSS 0.00067
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2024/02/02 6:33 a.m., 16 views

Path Traversal

io.github.pixee: java-security-toolkit is vulnerable to a partial path traversal bypass. The vulnerability is due to currentDirectory.getCanonicalPath returning a path that is not terminated by a trailing slash. As such, using startsWith to do string comparisons opens up a flaw allowing for...

CVSS 5.4, AI score 6.6, EPSS 0.00233
Exploits: 1, References: 3, Affected Software: 1
Github Security Blog
added 2023/03/10 10:15 p.m., 119 views

HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057

Impact Zip Slip protections implemented in CVE-2023-24057 GHSA-jqh6-9574-5x22 can be bypassed due to a partial path traversal vulnerability. This issue allows a malicious actor to potentially break out of the TerminologyCacheManager cache directory. The impact is limited to sibling directories. To...

CVSS 8.1, AI score 0.5, EPSS 0.00737
Exploits: 1, References: 8, Affected Software: 6