CWE-36

Overview

CWE ID
36

CWE Name
Absolute Path Traversal

CWE Abstraction
Base

CWE structure
Simple

CWE Status
Draft

Description

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

Extended Description

This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.

Related CWEs

CWE ID	View ID	Nature	Ordinal
22	1000	ChildOf	Primary
22	1305	ChildOf	Primary
22	1340	ChildOf	Primary

Related CVEs

CVE
CVE-2021-30173
CVE-2023-1176
CVE-2023-2101
CVE-2023-2765
CVE-2024-4881
CVE-2023-4172
CVE-2023-3765
CVE-2023-40597
CVE-2023-41830
CVE-2023-5022
CVE-2023-5390
CVE-2023-32054
CVE-2023-36786
CVE-2023-30970
CVE-2023-50955
CVE-2023-34135
CVE-2024-2362
CVE-2024-2548
CVE-2024-29053
CVE-2024-1703
CVE-2024-21323
CVE-2023-36786
CVE-2023-30970
CVE-2023-50955
CVE-2023-34135
CVE-2024-2362
CVE-2024-2548
CVE-2024-29053
CVE-2024-1703
CVE-2024-21323
CVE-2024-21323
CVE-2024-6250
CVE-2024-20401
CVE-2024-7323
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-8778
CVE-2024-8497
CVE-2024-45291
CVE-2024-45290
CVE-2024-9924
CVE-2024-20379
CVE-2024-47883
CVE-2024-10651