CWE-23 |
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
CWE-230 |
The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null. |
CWE-231 |
The software does not handle or incorrectly handles when more values are provided than expected. |
CWE-232 |
The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name. |
CWE-233 |
The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. |
CWE-234 |
If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well. |
CWE-235 |
The software does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount. |
CWE-236 |
The software does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product. |
CWE-237 |
The software does not handle or incorrectly handles inputs that are related to complex structures. |
CWE-238 |
The software does not handle or incorrectly handles when a particular structural element is not completely specified. |