CWE-53: Path Equivalence: '\multiple\\internal\backslash'
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product accepts path input in the form of multiple internal backslash ('\multiple\trailing\\slash') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
常见后果
影响范围: Confidentiality Integrity
技术影响: Read Files or Directories Modify Files or Directories
潜在缓解措施
阶段: Implementation
策略: Input Validation
描述: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | \multiple\\internal\backslash | - |
| Software Fault Patterns | SFP16 | Path Traversal | - |