The product receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
The following code takes untrusted input and uses a regular expression to filter a "../" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
Since the regular expression is only looking for an instance of "../" at the beginning of the string, it only removes the first "../" element. So an input value such as:
my $Username = GetUntrustedInput();$Username =~ s/^\.\.\///;my $filename = "/home/user/" . $Username;ReadAndSendFile($filename);CWE-796: Only Filtering Special Elements Relative to a Marker is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.
If exploited, CWE-796 (Only Filtering Special Elements Relative to a Marker) it can compromise Integrity, leading to outcomes such as Unexpected State.
CWE-796 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-796 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.