VYPR

CWE-44

Path Equivalence: 'file.name' (Internal Dot)

VariantIncomplete

Description

The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1)

  • CVE-2025-24813KEVMar 10, 2025
    risk 0.16cvss epss 1.00

    Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2,…