CWE-47: Path Equivalence: ' filename' (Leading Space)
The product accepts path input in the form of leading space (' filedir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Last updated
Overview
CWE-47 (Path Equivalence: ' filename' (Leading Space)) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-47 is exploited.
Read Files or Directories, Modify Files or Directories
Affects: Confidentiality, Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Terminology & mappings
Mapped taxonomies
- PLOVER: Leading Space - ' filedir'
- Software Fault Patterns: Path Traversal (SFP16)