Common Weakness Enumeration

CWE-35

Allowed

Path Traversal: '.../...//'

Abstraction: Variant · Status: Incomplete

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

334 vulnerabilities reference this CWE, most recent first.

GHSA-52MP-27CF-FHVH

Vulnerability from github – Published: 2026-05-18 18:31 – Updated: 2026-05-18 18:31
VLAI
Details

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-18T18:17:38Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
  "id": "GHSA-52mp-27cf-fhvh",
  "modified": "2026-05-18T18:31:31Z",
  "published": "2026-05-18T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45495"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45495"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54V5-PMWX-6W9W

Vulnerability from github – Published: 2025-08-05 03:31 – Updated: 2025-08-05 03:31
VLAI
Details

DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-05T03:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability",
  "id": "GHSA-54v5-pmwx-6w9w",
  "modified": "2025-08-05T03:31:18Z",
  "published": "2025-08-05T03:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53417"
    },
    {
      "type": "WEB",
      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00010_DIAView%20Directory%20Traversal%20Information%20Disclosure.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-57XR-3WQM-X7W6

Vulnerability from github – Published: 2025-08-06 15:31 – Updated: 2025-08-06 15:31
VLAI
Details

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-06T15:15:31Z",
    "severity": "MODERATE"
  },
  "details": "The Mobile Access Portal\u0027s File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of \u0027nobody\u0027-accessible directories on the Mobile Access gateway.",
  "id": "GHSA-57xr-3wqm-x7w6",
  "modified": "2025-08-06T15:31:27Z",
  "published": "2025-08-06T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52885"
    },
    {
      "type": "WEB",
      "url": "https://support.checkpoint.com/results/sk/sk183137"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-585P-83GH-3Q2H

Vulnerability from github – Published: 2024-12-28 09:31 – Updated: 2024-12-28 09:31
VLAI
Details

Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450)

This vulnerability has been assigned a (CVE)ID:CVE-2023-7263

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-28T07:15:19Z",
    "severity": "HIGH"
  },
  "details": "Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7263",
  "id": "GHSA-585p-83gh-3q2h",
  "modified": "2024-12-28T09:31:28Z",
  "published": "2024-12-28T09:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7263"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-ptvihhms-20747ba3-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-593H-GXFM-RJ8P

Vulnerability from github – Published: 2024-11-18 18:30 – Updated: 2024-11-18 18:30
VLAI
Details

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T16:15:05Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the application data endpoints of Cisco\u0026nbsp;SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.\nThe vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
  "id": "GHSA-593h-gxfm-rj8p",
  "modified": "2024-11-18T18:30:55Z",
  "published": "2024-11-18T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26073"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5CVJ-Q53X-R9M4

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:16:55Z",
    "severity": "HIGH"
  },
  "details": "Custom role Path Traversal in WP Customer Area \u003c= 8.3.4 versions.",
  "id": "GHSA-5cvj-q53x-r9m4",
  "modified": "2026-06-15T21:30:47Z",
  "published": "2026-06-15T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42661"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/customer-area/vulnerability/wordpress-wp-customer-area-plugin-8-3-4-path-traversal-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GJJ-P5JQ-F47G

Vulnerability from github – Published: 2025-02-25 15:34 – Updated: 2026-04-01 18:33
VLAI
Details

Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-25T15:15:24Z",
    "severity": "MODERATE"
  },
  "details": "Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.",
  "id": "GHSA-5gjj-p5jq-f47g",
  "modified": "2026-04-01T18:33:49Z",
  "published": "2025-02-25T15:34:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26876"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/search-with-typesense/vulnerability/wordpress-search-with-typesense-plugin-2-0-8-path-traversal-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5RXF-FQCH-7VQP

Vulnerability from github – Published: 2023-09-13 15:31 – Updated: 2025-10-03 14:21
VLAI
Summary
NLnet Labs’ Routinator vulnerable to path traversal
Details

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "routinator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.9.0"
            },
            {
              "fixed": "0.12.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-39916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-35"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-03T14:21:45Z",
    "nvd_published_at": "2023-09-13T15:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.",
  "id": "GHSA-5rxf-fqch-7vqp",
  "modified": "2025-10-03T14:21:45Z",
  "published": "2023-09-13T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39916"
    },
    {
      "type": "WEB",
      "url": "https://github.com/NLnetLabs/routinator/pull/892"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/NLnetLabs/routinator"
    },
    {
      "type": "WEB",
      "url": "https://github.com/NLnetLabs/routinator/releases/tag/v0.12.2"
    },
    {
      "type": "WEB",
      "url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NLnet Labs\u2019 Routinator vulnerable to path traversal"
}

GHSA-5V3H-X4WF-5C35

Vulnerability from github – Published: 2026-05-07 01:23 – Updated: 2026-05-14 20:31
VLAI
Summary
Rancher Extensions have arbitrary file access via path traversal
Details

Impact

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to:

  • Overwrite Rancher binaries or configuration to inject code.
  • Write to /var/lib/rancher/ to tamper with cluster state.
  • If hostPath volumes are mounted, write to the host node filesystem.
  • Use this issue to chain with other attack vectors.

By default only the administrator can deploy UI extensions, unless permissions are granted to other users. It's always recommended to only install extensions that come from sources trusted by the user.

Please consult the associated MITRE CAPEC-126 - Technique - Path Traversal for further information about this category of attack.

Patches

This vulnerability is addressed by ensuring that:

  • The file defined by the UI Plugin CR's compressedEndpoint has to be created inside the cache directory and cannot contain ../. If that is not possible, the installation will fail and the file won't be created.
  • The icons referenced by Cluster Repos' index.yaml file always resolves to a file inside the repository directory.

Patched versions of Rancher include releases v2.14.1, v2.13.5, v2.12.9, v2.11.13.

Workarounds

There is no workaround. The user must be careful about which UI Plugins they install.

Resources

If there are any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.14.0"
            },
            {
              "fixed": "2.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.13.0"
            },
            {
              "fixed": "2.13.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.12.0"
            },
            {
              "fixed": "2.12.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.11"
            },
            {
              "fixed": "2.11.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T01:23:59Z",
    "nvd_published_at": "2026-05-13T08:16:16Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:\n\n- Overwrite Rancher binaries or configuration to inject code.\n- Write to `/var/lib/rancher/` to tamper with cluster state.\n- If `hostPath` volumes are mounted, write to the host node filesystem.\n- Use this issue to chain with other attack vectors.\n\nBy default only the administrator can deploy UI extensions, unless permissions are granted to other users. It\u0027s always recommended to only install extensions that come from sources trusted by the user.\n\nPlease consult the associated  [MITRE CAPEC-126 - Technique - Path Traversal](https://capec.mitre.org/data/definitions/126.html) for further information about this category of attack.\n\n### Patches\n\nThis vulnerability is addressed by ensuring that:\n\n- The file defined by the UI Plugin CR\u0027s `compressedEndpoint` has to be created inside the cache directory and cannot contain `../`. If that is not possible, the installation will fail and the file won\u0027t be created. \n- The icons referenced by Cluster Repos\u0027 `index.yaml` file always resolves to a file inside the repository directory.\n\nPatched versions of Rancher include releases v2.14.1, v2.13.5, v2.12.9, v2.11.13.\n\n### Workarounds\n\nThere is no workaround. The user must be careful about which UI Plugins they install.\n\n### Resources\n\nIf there are any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with the [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
  "id": "GHSA-5v3h-x4wf-5c35",
  "modified": "2026-05-14T20:31:20Z",
  "published": "2026-05-07T01:23:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-5v3h-x4wf-5c35"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25705"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25705"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rancher/rancher"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rancher Extensions have arbitrary file access via path traversal"
}

GHSA-5VPP-FV65-GW43

Vulnerability from github – Published: 2024-12-18 21:30 – Updated: 2026-04-01 18:32
VLAI
Details

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-35"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-18T19:15:13Z",
    "severity": "HIGH"
  },
  "details": "Path Traversal: \u0027.../...//\u0027 vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.",
  "id": "GHSA-5vpp-fv65-gw43",
  "modified": "2026-04-01T18:32:53Z",
  "published": "2024-12-18T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56055"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/wplms_plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-arbitrary-directory-deletion-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-arbitrary-directory-deletion-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, the ".../...//" manipulation is useful for bypassing some path traversal protection schemes. If "../" sequences are removed from the ".../...//" string in a sequential fashion (as some regular expression engines and other algorithms operate) the string can collapse into the unsafe "../" value (CWE-182). Removing the first "../" yields "....//" and the second removal yields "../".
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.