CVEbaza.plCWE DictionaryCWE-34
Common Weakness Enumeration

CWE-34

Path Traversal: '....//'

Category: VariantCVE: 1
Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.

CVE vulnerabilities with CWE-34 (1)
7.5
CVSS
HIGH
CVE-2023-41629

A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.

pub. 2023-10-17
Information
ID: CWE-34
Type: Variant
Vulnerabilities: 1
MITRE CWE ↗
← CWE Dictionary