VariantIncomplete

CWE-42Path Equivalence: 'filename.' (Trailing Dot)

Category: other

Description

The product accepts path input in the form of trailing dot ('filedir.') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common consequences· 1

  • Access Control — Bypass Protection Mechanism

References

  1. https://cwe.mitre.org/data/definitions/42.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Path Equivalence: 'filename....' (Multiple Trailing Dot)
CWE
Path Equivalence: 'file...name' (Multiple Internal Dot)
CWE
Path Equivalence: 'file.name' (Internal Dot)
CWE
Path Equivalence: '/./' (Single Dot Directory)
CWE
Path Equivalence: 'filename/' (Trailing Slash)
CWE
Path Equivalence: 'filedir\' (Trailing Backslash)
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.