IT admin receives an alert regarding an employee's web activity in which requested addresses are not written in plaintext, but contain entries such as $\%2$e$\%2$e$\%2$f$\%2$e$\%2$e$\%2$f$\%2$e$\%2$e$\%2$f$.$ What could this employee be attempting to do$?($Select the two best options.$)$

A$.$Command injection attack

B$.$Directory traversal attack

C$.$Canonicalization attack

D$.$Injection attack