CWE-50

• CWE ID
• 50

• CWE Name
• Path Equivalence: '//multiple/leading/slash'

• CWE Abstraction
• Variant

• CWE structure
• Simple

• CWE Status
• Incomplete

A software system that accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or