CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,734 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 39 of 175
- CVE-2017-16122HIGHCVSS 7.5EG 7.52018-06-07
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16123HIGHCVSS 7.5EG 7.52018-06-07
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16124HIGHCVSS 7.5EG 7.52018-06-07
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16125HIGHCVSS 7.5EG 7.52018-06-07
rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../…
- CVE-2017-16130HIGHCVSS 7.5EG 7.52018-06-07
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those wi…
- CVE-2017-16131HIGHCVSS 7.5EG 7.52018-06-07
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16132HIGHCVSS 7.5EG 7.52018-06-07
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16133HIGHCVSS 7.5EG 7.52018-06-07
goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16134HIGHCVSS 7.5EG 7.52018-06-07
http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16135HIGHCVSS 7.5EG 7.52018-06-07
serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16139HIGHCVSS 7.5EG 7.52018-06-07
jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions.
- CVE-2017-16140HIGHCVSS 7.5EG 7.52018-06-07
lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16141HIGHCVSS 7.5EG 7.52018-06-07
lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16142HIGHCVSS 7.5EG 7.52018-06-07
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16143HIGHCVSS 7.5EG 7.52018-06-07
commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16144HIGHCVSS 7.5EG 7.52018-06-07
myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16145HIGHCVSS 7.5EG 7.52018-06-07
sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16146HIGHCVSS 7.5EG 7.52018-06-07
mockserve is a file server. mockserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16147HIGHCVSS 7.5EG 7.52018-06-07
shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16148HIGHCVSS 7.5EG 7.52018-06-07
serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16149HIGHCVSS 7.5EG 7.52018-06-07
zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16150HIGHCVSS 7.5EG 7.52018-06-07
wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16152HIGHCVSS 7.5EG 7.52018-06-07
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16153HIGHCVSS 7.5EG 7.52018-05-29
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16154HIGHCVSS 7.5EG 7.52018-06-07
earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16155HIGHCVSS 7.5EG 7.52018-06-07
fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16156HIGHCVSS 7.5EG 7.52018-06-07
myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16157HIGHCVSS 7.5EG 7.52018-06-07
censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16158HIGHCVSS 7.5EG 7.52018-06-07
dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16159HIGHCVSS 7.5EG 7.52018-06-07
caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16160HIGHCVSS 7.5EG 7.52018-06-07
11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16161HIGHCVSS 7.5EG 7.52018-06-07
shenliru is a simple file server. shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16162HIGHCVSS 7.5EG 7.52018-06-07
22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16163HIGHCVSS 7.5EG 7.52018-06-07
dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16164HIGHCVSS 7.5EG 7.52018-06-07
desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files.
- CVE-2017-16165HIGHCVSS 7.5EG 7.52018-06-07
calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16166HIGHCVSS 7.5EG 7.52018-06-07
byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16167HIGHCVSS 7.5EG 7.52018-06-07
yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16168HIGHCVSS 7.5EG 7.52018-06-07
wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16169HIGHCVSS 7.5EG 7.52018-06-07
looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16170HIGHCVSS 7.5EG 7.52018-06-07
liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16171HIGHCVSS 7.5EG 7.52018-06-07
hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16172HIGHCVSS 7.5EG 7.52018-06-07
section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16173HIGHCVSS 7.5EG 7.52018-06-07
utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16174HIGHCVSS 7.5EG 7.52018-06-07
whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16175HIGHCVSS 7.5EG 7.52018-06-07
ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16176HIGHCVSS 7.5EG 7.52018-06-07
jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16177HIGHCVSS 7.5EG 7.52018-06-07
chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16178HIGHCVSS 7.5EG 7.52018-06-07
intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16179MEDIUMCVSS 5.3EG 5.32018-06-07
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files.
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →