CWE-43 (Path Equivalence: 'filename....' (Multiple Trailing Dot)) — Vulnerability Class 1

1 vulnerability classified as CWE-43 (Path Equivalence: 'filename....' (Multiple Trailing Dot)). AI Chinese analysis included.

CWE-43 represents a path traversal weakness where software fails to properly validate input containing multiple trailing dots, such as "filename....". This vulnerability arises because different operating systems and file parsers handle these dots inconsistently, leading to ambiguous path resolution. Attackers typically exploit this by injecting sequences of trailing dots into file path inputs, tricking the application into resolving the path to unintended directories or sensitive system files outside the expected scope. To mitigate this risk, developers must implement strict input validation that rejects or normalizes paths containing multiple trailing dots. Additionally, using canonicalization libraries to resolve paths to their absolute, normalized forms before processing ensures consistent behavior across platforms, thereby preventing attackers from leveraging parsing discrepancies to bypass security controls and access unauthorized resources.

MITRE CWE Description
The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Common Consequences (1)
Confidentiality, Integrity | Read Files or Directories, Modify Files or Directories

CVE ID | Title | CVSS | Severity | Published
CVE-2025-10353 | Missing Authorization vulnerability in Melis Platform — Melis Platform | 8.8 AI | High AI | 2025-10-08

Vulnerabilities classified as CWE-43 (Path Equivalence: 'filename....' (Multiple Trailing Dot)) represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.