CWE-61

Overview
  • CWE ID: 61
  • CWE Name: UNIX Symbolic Link (Symlink) Following
  • CWE Abstraction: Compound
  • CWE structure: Composite
  • CWE Status: Incomplete
Description
The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthori
Extended Description
A software system that allows UNIX symbolic links (symlinks) as part of paths, whether in internal code or through user input, can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. Th
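The open-time behaviour described above, as an added C example that is not part of the CWE entry: a plain open() beside a form that refuses a symlink in the final path component and checks the opened descriptor. The function names, the /tmp paths and the sample files are constructed for illustration, and Linux behaviour (errno ELOOP from O_NOFOLLOW) is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak form: open() silently follows a symlink in the final path component. */
int open_following(const char *path) {
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Hardened form: refuse a symlink as the final component, then confirm on the
 * descriptor (not the path) that a regular file was opened. O_NONBLOCK keeps
 * the open from blocking if the path turns out to be a FIFO. */
int open_regular_nofollow(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;          /* ELOOP on Linux when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd); errno = EINVAL;  /* opened something, but not a regular file */
        return -1;
    }
    return fd;
}

/* Constructed scenario: a work directory holding one real file and one symlink
 * to a file outside it. Result bits: 1 = weak open followed the link,
 * 2 = hardened open refused the link, 4 = hardened open accepted the real file. */
int demo(void) {
    char work[] = "/tmp/cwe61_work_XXXXXX", outside[] = "/tmp/cwe61_out_XXXXXX";
    char link_path[64], real_path[64];
    int result = 0, fd;
    if (!mkdtemp(work)) return -1;
    if ((fd = mkstemp(outside)) < 0) return -1;
    close(fd);
    snprintf(link_path, sizeof link_path, "%s/report.txt", work);
    snprintf(real_path, sizeof real_path, "%s/real.txt", work);
    if (symlink(outside, link_path) != 0) return -1;
    if ((fd = open(real_path, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return -1;
    close(fd);
    if ((fd = open_following(link_path)) >= 0) { result |= 1; close(fd); }
    if (open_regular_nofollow(link_path) < 0 && errno == ELOOP) result |= 2;
    if ((fd = open_regular_nofollow(real_path)) >= 0) { result |= 4; close(fd); }
    unlink(link_path); unlink(real_path); unlink(outside); rmdir(work);
    return result;
}
int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

O_NOFOLLOW only covers the last path component; on Linux 5.6 and later, openat2() with RESOLVE_NO_SYMLINKS rejects symlinks in every component.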
Related CWEs
CWE ID   View ID   Nature     Ordinal
59       1000      ChildOf    Primary
362      1000      Requires
340      1000      Requires
386      1000      Requires
732      1000      Requires