CWE-50: Path Equivalence: '//multiple/leading/slash'
moderate-risk
The product accepts path input in the form of multiple leading slashes ('//multiple/leading/slash') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Abstraction: Variant
Common Consequences
Confidentiality → Read Files or Directories
Real-World Examples (1)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-34092 | 7.5 | 55.1% | — |
41 / 100 · moderate-risk
Active Threat: 41/50 · Critical
Exploit Availability: 0/50 · Minimal