CWE-52
Path Equivalence: '/multiple/trailing/slash//'
AI Translation Available
The product accepts path input in the form of multiple trailing slash ('/multiple/trailing/slash//') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Status
incomplete
Abstraction
variant
Affected Platforms
Not Technology-Specific
Web Based
Technical Details
AI Translation
Common Consequences
confidentiality
integrity
Impacts
read files or directories
modify files or directories
Potential Mitigations
Phases:
implementation
Descriptions:
•
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Functional Areas
file processing