File Handling Issues

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associa...

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but ...

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an uni...

The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory na...

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access re...

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...