CWE-67
Improper Handling of Windows Device Names
The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.
Official CWE-67 definition at MITREImpactr finds and proves weaknesses like CWE-67 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist