The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:
CWE-790: Improper Filtering of Special Elements is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
If exploited, CWE-790 (Improper Filtering of Special Elements) it can compromise Integrity, leading to outcomes such as Unexpected State.
A CWE (Common Weakness Enumeration) like CWE-790 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.