CWE-21: CWE CATEGORY: DEPRECATED: Pathname Traversal and Equivalence Errors

ClassStable

This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category ( CWE-1219 ) or the class Use of Incorrectly-Resolved Name or Reference ( CWE-706 ).

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple
Vulnerability Mapping
PROHIBITED

Applicable To

Languages
Platforms

Frequently Asked Questions

What is CWE-21: CWE CATEGORY: DEPRECATED: Pathname Traversal and Equivalence Errors?+

CWE-21: CWE CATEGORY: DEPRECATED: Pathname Traversal and Equivalence Errors is a Common Weakness Enumeration (CWE) entry maintained by MITRE. This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category ( CWE-1219 ) or the class Use of Incorrectly-Resolved Name or Reference ( CWE-706 ).

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-21 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More