DEPRECATED: Often Misused: Path Manipulation

Deprecated Variant
Structure: Simple
Description

This entry has been deprecated. Its content was unclear and combined multiple security issues. Most relevant information has been moved to CWE-785.

Extended Description

This entry was retired primarily because of confusion around the term 'Path Manipulation.' Different security tools and researchers used the same label for completely different problems, from controlling file paths (CWE-73) to buffer management issues. This made it difficult for developers to find consistent guidance, so the entry was split to improve clarity.

The second reason for deprecation was that the entry unintentionally merged two distinct weaknesses. It focused on path-conversion functions that could cause buffer overflows, but also included cases where pathnames were truncated without overflowing buffers, which is a separate information-loss issue. Going forward, these concepts are addressed in more specific entries to provide better, actionable security advice.