CWE-46 - Path Equivalence: 'filename ' (Trailing Space)

Description

A software system that accepts path input in the form of trailing space ('filedir ') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.The weakness is introduced during Implementation stage.

Latest vulnerabilities for CWE-46

Multiple vulnerabilities in Microsoft Internet Explorer 2016-10-11
High Yes Zero Day Public exploit

References

Description of CWE-46 on Mitre website