CWE-50
Path Equivalence: '//multiple/leading/slash'
The product accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Official CWE-50 definition at MITREImpactr finds and proves weaknesses like CWE-50 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist