CWE-37
Overview
- CWE ID
- 37
- CWE Name
- Path Traversal: '/absolute/pathname/here'
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Draft
Description
A software system that accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.