CWE-29
AllowedPath Traversal: '\..\filename'
Abstraction: Variant · Status: Incomplete
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.
127 vulnerabilities reference this CWE, most recent first.
GHSA-67RJ-2WCW-78M5
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2024-06-06 21:30parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter.
{
"affected": [],
"aliases": [
"CVE-2024-2360"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-06T19:15:54Z",
"severity": "CRITICAL"
},
"details": "parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the \u0027Database path\u0027 and \u0027PDF LaTeX path\u0027 settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application\u0027s handling of the \u0027discussion_db_name\u0027 and \u0027pdf_latex_path\u0027 parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the \u0027discussion_db_name\u0027 parameter.",
"id": "GHSA-67rj-2wcw-78m5",
"modified": "2024-06-06T21:30:36Z",
"published": "2024-06-06T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2360"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/65d0ef59-a761-4bbd-86fa-dd8e8621082e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6H3F-43VQ-53HJ
Vulnerability from github – Published: 2024-04-16 00:30 – Updated: 2025-05-12 21:46A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "zenml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.55.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-2083"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-16T18:22:20Z",
"nvd_published_at": "2024-04-16T00:15:11Z",
"severity": "CRITICAL"
},
"details": "A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the \u0027logs\u0027 URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.",
"id": "GHSA-6h3f-43vq-53hj",
"modified": "2025-05-12T21:46:49Z",
"published": "2024-04-16T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2083"
},
{
"type": "WEB",
"url": "https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-247.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/zenml-io/zenml"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Directory traversal in zenml"
}
GHSA-6JX2-8495-397P
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:33The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.
{
"affected": [],
"aliases": [
"CVE-2023-0104"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-22T21:15:00Z",
"severity": "HIGH"
},
"details": "The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user\u2019s computer or gain access to sensitive data.",
"id": "GHSA-6jx2-8495-397p",
"modified": "2024-04-04T05:33:13Z",
"published": "2023-07-06T19:24:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0104"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6MV8-95X5-XCQ9
Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2024-04-16 15:47A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "ai.h2o:h2o-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.40.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6038"
],
"database_specific": {
"cwe_ids": [
"CWE-29",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-08T18:41:10Z",
"nvd_published_at": "2023-11-16T17:15:09Z",
"severity": "CRITICAL"
},
"details": "A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.",
"id": "GHSA-6mv8-95x5-xcq9",
"modified": "2024-04-16T15:47:04Z",
"published": "2023-11-16T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6038"
},
{
"type": "PACKAGE",
"url": "https://github.com/h2oai/h2o-3"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/380fce33-fec5-49d9-a101-12c972125d8c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "H2O local file inclusion vulnerability"
}
GHSA-866H-PM2W-J493
Vulnerability from github – Published: 2025-02-10 21:31 – Updated: 2025-02-10 21:31A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces '../' sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server.
{
"affected": [],
"aliases": [
"CVE-2024-13059"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-10T19:15:37Z",
"severity": "HIGH"
},
"details": "A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces \u0027../\u0027 sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server.",
"id": "GHSA-866h-pm2w-j493",
"modified": "2025-02-10T21:31:38Z",
"published": "2025-02-10T21:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13059"
},
{
"type": "WEB",
"url": "https://github.com/mintplex-labs/anything-llm/commit/0b7bf68f2c02ca68075970fbf85d5a70ca5e94ca"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/92a875fe-c5b3-485c-b03f-d3185189e0b1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QCH-VJ6M-2694
Vulnerability from github – Published: 2024-12-10 06:31 – Updated: 2025-02-11 00:36Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "luigi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21542"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-10T17:02:23Z",
"nvd_published_at": "2024-12-10T05:15:07Z",
"severity": "HIGH"
},
"details": "Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.",
"id": "GHSA-8qch-vj6m-2694",
"modified": "2025-02-11T00:36:39Z",
"published": "2024-12-10T06:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21542"
},
{
"type": "WEB",
"url": "https://github.com/spotify/luigi/issues/3301"
},
{
"type": "WEB",
"url": "https://github.com/spotify/luigi/commit/b5d1b965ead7d9f777a3216369b5baf23ec08999"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/luigi/PYSEC-2024-159.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/spotify/luigi"
},
{
"type": "WEB",
"url": "https://github.com/spotify/luigi/releases/tag/v3.6.0"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-LUIGI-7830489"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "luigi Arbitrary File Write via Archive Extraction (Zip Slip)"
}
GHSA-9C5Q-W6GR-FXCQ
Vulnerability from github – Published: 2025-11-06 21:31 – Updated: 2025-11-06 23:50A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "mqtt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-12790"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-06T23:50:27Z",
"nvd_published_at": "2025-11-06T21:15:40Z",
"severity": "HIGH"
},
"details": "A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.",
"id": "GHSA-9c5q-w6gr-fxcq",
"modified": "2025-11-06T23:50:27Z",
"published": "2025-11-06T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12790"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-12790"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413004"
},
{
"type": "WEB",
"url": "https://github.com/njh/ruby-mqtt/blob/main/NEWS.md#ruby-mqtt-version-070-2025-10-29"
},
{
"type": "PACKAGE",
"url": "http://github.com/njh/ruby-mqtt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "MQTT does not validate hostnames"
}
GHSA-9HR3-J9MC-XMQ2
Vulnerability from github – Published: 2022-05-03 00:00 – Updated: 2022-05-20 21:17All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.alibaba.oneagent:one-java-agent-plugin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25842"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-20T21:17:03Z",
"nvd_published_at": "2022-05-01T16:15:00Z",
"severity": "MODERATE"
},
"details": "All versions of package `com.alibaba.oneagent:one-java-agent-plugin` are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. `../../evil.exe`). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine.",
"id": "GHSA-9hr3-j9mc-xmq2",
"modified": "2022-05-20T21:17:03Z",
"published": "2022-05-03T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25842"
},
{
"type": "WEB",
"url": "https://github.com/alibaba/one-java-agent/pull/29"
},
{
"type": "WEB",
"url": "https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf"
},
{
"type": "WEB",
"url": "https://github.com/alibaba/one-java-agent/pull/29/commits/b5b437f9f4c8cbfe7bdbe266e975a4bd513c13fe"
},
{
"type": "PACKAGE",
"url": "https://github.com/alibaba/one-java-agent"
},
{
"type": "WEB",
"url": "https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Path Traversal in com.alibaba.oneagent:one-java-agent-plugin"
}
GHSA-C4CC-W454-4634
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 20:51A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "agentscope"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-8537"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-20T20:51:49Z",
"nvd_published_at": "2025-03-20T10:15:42Z",
"severity": "CRITICAL"
},
"details": "A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.",
"id": "GHSA-c4cc-w454-4634",
"modified": "2025-03-20T20:51:49Z",
"published": "2025-03-20T12:32:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8537"
},
{
"type": "WEB",
"url": "https://github.com/modelscope/agentscope/pull/459"
},
{
"type": "WEB",
"url": "https://github.com/modelscope/agentscope/commit/7d285e862f86fa1d96ed04c4cd40a5f1b8f9189a"
},
{
"type": "PACKAGE",
"url": "https://github.com/modelscope/agentscope"
},
{
"type": "WEB",
"url": "https://github.com/modelscope/agentscope/blob/01530ee6a99c86426aab1be11ec3b3b86ca640ac/src/agentscope/studio/_app.py#L743"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/eeb8aa4b-e6e5-465c-b0dd-aa97e3b7dc09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "AgentScope path traversal vulnerability"
}
GHSA-CM7X-JGJX-R2V4
Vulnerability from github – Published: 2025-10-11 09:30 – Updated: 2025-10-16 15:30Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2025-58291"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-11T09:15:33Z",
"severity": "LOW"
},
"details": "Denial of service (DoS) vulnerability in the office service.\u00a0Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-cm7x-jgjx-r2v4",
"modified": "2025-10-16T15:30:27Z",
"published": "2025-10-11T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58291"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.