CWE-647
Use of Non-Canonical URL Paths for Authorization Decisions
The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.
Official CWE-647 definition at MITREImpactr finds and proves weaknesses like CWE-647 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist