CWE-59: Improper Link Resolution Before File Access ('Link Following')
Weakness Details
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Submission Date :
July 19, 2006, midnight
Modification Date :
2023-06-29 00:00:00+00:00
Organization :
MITRE
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
CWE-61: UNIX Symbolic Link (Symlink) Following
Go to
CWE-62: UNIX Hard Link
Go to
CWE-64: Windows Shortcut Following (.LNK)
Go to
CWE-65: Windows Hard Link
Go to
CWE-73: External Control of File Name or Path
Go to
CWE-363: Race Condition Enabling Link Following
Go to
CWE-706: Use of Incorrectly-Resolved Name or Reference
Go to
CWE-1386: Insecure Operation on Windows Junction / Mount Point
Go to
Visit https://cwe.mitre.org/ for more details.