The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.
Improper Following of a Certificate's Chain of Trust
17
Base
Low
The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.
Incorrect Behavior Order: Validate Before Canonicalize
17
Variant
-
The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.
Use of Password Hash Instead of Password for Authentication
16
Base
-
The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
Insufficient Control of Network Message Volume (Network Amplification)
16
Class
-
The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.
Improper Restriction of Names for Files and Other Resources
16
Base
Low
The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.
A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.
Improper Neutralization of Wildcards or Matching Symbols
15
Variant
-
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.