1 vulnerability classified as CWE-50 (Path Equivalence: '//multiple/leading/slash'). AI Chinese analysis included.
CWE-50 represents a path equivalence weakness where software fails to normalize or validate input containing multiple leading slashes, such as '//'. This ambiguity allows attackers to exploit inconsistent path resolution mechanisms across different operating systems or application layers, potentially bypassing security controls designed to restrict access to specific directories. By injecting these redundant slashes, an adversary may trick the application into interpreting a restricted path as valid, leading to unauthorized file access or directory traversal attacks. To mitigate this risk, developers must implement strict input validation that rejects or normalizes such sequences before processing. Utilizing canonical path resolution libraries and enforcing consistent path handling across all system calls ensures that ambiguous inputs are resolved uniformly, thereby preventing attackers from leveraging these discrepancies to access unintended resources or compromise system integrity.
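The mismatch described above, as an added example (not code from this page, from Vite, or from any listed product): a deny check on the raw request path next to one that canonicalizes first. The `DENY` rules, function names and sample paths are hypothetical and constructed for illustration.

```javascript
// Constructed deny rules (hypothetical), in the spirit of a dev server's
// "never serve these paths" option.
const DENY = ['/secrets', '/.env'];

const matches = (p) => DENY.some((rule) => p === rule || p.startsWith(rule + '/'));

// Weak check: tests the request path exactly as received.
function isDeniedRaw(requestPath) {
  return matches(requestPath);
}

// Canonical form: decode once, unify separators, then drop empty and "."
// segments and resolve ".." without climbing above the root.
// Returns null for input that cannot be canonicalized.
function canonicalize(requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;
  const out = [];
  for (const seg of decoded.replace(/\\/g, '/').split('/')) {
    if (seg === '' || seg === '.') continue; // "//" and "/./" add nothing
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Hardened check: fail closed on bad input, match on the canonical form,
// and hand that same canonical form to whatever opens the file.
function isDeniedCanonical(requestPath) {
  const canon = canonicalize(requestPath);
  return canon === null || matches(canon);
}

// Constructed sample requests.
for (const p of ['/secrets/key.pem', '//secrets/key.pem', '/public//app.js']) {
  console.log(p, '->', canonicalize(p), 'raw:', isDeniedRaw(p), 'canonical:', isDeniedCanonical(p));
}
```

The access decision and the file open must both use the value returned by `canonicalize`; checking one string and opening another reintroduces the discrepancy.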
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-34092 | Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) — vite | 7.5 | High | 2023-06-01 |
Vulnerabilities classified as CWE-50 (Path Equivalence: '//multiple/leading/slash') represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.