The software uses external input to construct a pathname that
is intended to identify a file or directory that is located underneath a
restricted parent directory, but the software does not properly neutralize
special elements within the pathname that can cause the pathname to resolve to a
location that is outside of the restricted directory.

The software constructs all or part of an OS command using
externally-influenced input from an upstream component, but it does not
neutralize or incorrectly neutralizes special elements that could modify the
intended OS command when it is sent to a downstream

A capture-replay flaw exists when the design of the software
makes it possible for a malicious user to sniff network traffic and bypass
authentication by replaying it to the server in question to the same effect as
the original message (or with minor changes).
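
A server-side check that closes the capture-replay flaw described above, shown next to a MAC-only verifier that still accepts the replayed message. This is an added example, not part of the original text; the shared key, the 30-second freshness window and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)   # constructed shared secret for the demo
MAX_SKEW = 30                   # assumed freshness window, in seconds

def sign(body: bytes, nonce: bytes, ts: int) -> bytes:
    """MAC over timestamp, nonce and body so none can be altered separately."""
    msg = ts.to_bytes(8, "big") + len(nonce).to_bytes(2, "big") + nonce + body
    return hmac.new(KEY, msg, hashlib.sha256).digest()

class NaiveVerifier:
    """Checks only the MAC: a captured message stays valid forever."""

    def accept(self, body, nonce, ts, tag, now):
        return hmac.compare_digest(tag, sign(body, nonce, ts))

class ReplayAwareVerifier:
    """Checks the MAC, then freshness, then that the nonce is unused."""

    def __init__(self):
        self.seen = {}  # nonce -> timestamp it was accepted with

    def accept(self, body, nonce, ts, tag, now):
        if not hmac.compare_digest(tag, sign(body, nonce, ts)):
            return False                      # forged or modified
        if abs(now - ts) > MAX_SKEW:
            return False                      # stale capture
        # Forget nonces that the freshness check alone would already reject.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return False                      # replay inside the window
        self.seen[nonce] = ts
        return True

def demo():
    now = 1_700_000_000                       # constructed clock value
    body, nonce = b"login user=alice", secrets.token_bytes(16)
    captured = (body, nonce, now, sign(body, nonce, now))
    naive, hardened = NaiveVerifier(), ReplayAwareVerifier()
    return {
        "naive_first": naive.accept(*captured, now),
        "naive_replay": naive.accept(*captured, now + 3600),
        "hardened_first": hardened.accept(*captured, now),
        "hardened_replay": hardened.accept(*captured, now + 5),
        "hardened_stale": hardened.accept(*captured, now + 3600),
    }
```

The nonce cache only has to remember entries for the length of the freshness window, because anything older is already rejected by the timestamp check.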