CWE-41(Improper Resolution of Path Equivalence)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。
The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
| 類型 | 名稱 | 類 | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。
| CVE | 公開時間 | 摘要 |
|---|---|---|
| CVE-2026-49401 | 2026-06-23 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path sup… |
| CVE-2026-50568 | 2026-06-10 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/uti… |
| CVE-2026-5816 | 2026-04-22 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript… |
| CVE-2026-34510 | 2026-04-01 | OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit th… |
| CVE-2026-34451 | 2026-03-31 | Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in th… |
| CVE-2026-23674 | 2026-03-10 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-58290 | 2025-10-11 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-43298 | 2025-09-15 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain… |
| CVE-2025-54107 | 2025-09-09 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2024-8765 | 2025-03-20 | In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. Thi… |
| CVE-2024-6839 | 2025-03-20 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to… |
| CVE-2025-0115 | 2025-03-12 | A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (… |
| CVE-2025-21247 | 2025-03-11 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-24470 | 2025-02-11 | An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve … |
| CVE-2025-21332 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21329 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21328 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21269 | 2025-01-14 | Windows HTML Platforms Security Feature Bypass Vulnerability |
| CVE-2025-21268 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21219 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| 日期 | 名稱 | 版本 | 重要性 | 評論 |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations, Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Other_Notes, Taxonomy_Mappings, Type |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Description |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Relationships |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Name |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated Potential_Mitigations |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Other_Notes, Potential_Mitigations, Relationship_Notes |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Common_Consequences, Observed_Examples, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors, Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Affected_Resources, Applicable_Platforms, Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Related_Attack_Patterns |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Potential_Mitigations, Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Observed_Examples, Potential_Mitigations, Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Observed_Examples |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Detection_Factors, Functional_Areas, References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Observed_Examples, Relationships, Weakness_Ordinalities |