CWE-59: Improper Link Resolution Before File Access ('Link Following')

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Description

July 19, 2006, midnight

2023-06-29 00:00:00+00:00

MITRE

Related Weaknesses

CWE-61: UNIX Symbolic Link (Symlink) Following

CWE-62: UNIX Hard Link

CWE-64: Windows Shortcut Following (.LNK)

CWE-65: Windows Hard Link

CWE-73: External Control of File Name or Path

CWE-363: Race Condition Enabling Link Following

CWE-706: Use of Incorrectly-Resolved Name or Reference

CWE-1386: Insecure Operation on Windows Junction / Mount Point

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable