VariantIncomplete

CWE-45Path Equivalence: 'file...name' (Multiple Internal Dot)

Category: other

Description

The product accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common consequences· 1

  • Confidentiality / Integrity — Read Files or Directories, Modify Files or Directories

References

  1. https://cwe.mitre.org/data/definitions/45.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Path Equivalence: 'filename....' (Multiple Trailing Dot)
CWE
Path Equivalence: 'file.name' (Internal Dot)
CWE
Path Equivalence: 'filename.' (Trailing Dot)
CWE
Path Equivalence: '/./' (Single Dot Directory)
CWE
Path Equivalence: '\multiple\\internal\backslash'
CWE
Path Equivalence: '/multiple//internal/slash'
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.