CWE-62 - UNIX Hard Link

Description

The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Latest vulnerabilities for CWE-62

Multiple vulnerabilities in IBM Storage Fusion HCI 2024-01-29
High Yes

Denial of service in NoMachine 2024-01-29
Low Yes

Multiple vulnerabilities in snapd 2022-02-21
Low Yes

Multiple vulnerabilities in Apple macOS Mojave 2021-05-25
High Yes

Multiple vulnerabilities in Apple macOS Big Sur 2021-05-24
High Yes

Multiple vulnerabilities in FreeRADIUS 2019-12-03
Medium Yes

UNIX Hard Link in fstream package for NPM 2019-05-24
Medium Yes

Insecure hardlink processing in fstream npm module 2019-05-15
Medium Yes

References

Description of CWE-62 on Mitre website