CWE-57

Path Equivalence: 'fakedir/../realdir/filename'

AI Translation Available

The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.

Status

incomplete

Abstraction

variant

Affected Platforms

Technical Details

AI Translation

Common Consequences

confidentiality integrity

Impacts

read files or directories modify files or directories

Potential Mitigations

Phases:

implementation

Descriptions:

• Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

Functional Areas

file processing

AI Generated Translation

Common Consequences

riservatezza integrità

Impacts

leggere file o directory modificare file o directory

Potential Mitigations

Phases:

implementazione

Descriptions:

• Gli input devono essere decodificati e canonicalizzati nella rappresentazione interna corrente dell'applicazione prima di essere convalidati (CWE-180). Assicurarsi che l'applicazione non decodifichi lo stesso input due volte (CWE-174). Questi errori potrebbero essere utilizzati per aggirare i meccanismi di validazione basati su allowlist introducendo input pericolosi dopo che sono stati verificati.

Functional Areas

elaborazione file

CWE-57

Common Consequences

Impacts

Potential Mitigations

Functional Areas

Common Consequences

Impacts

Potential Mitigations

Functional Areas

Iscriviti alla newsletter