Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Tool Description: Dpkg::Source::Archive in dpkg, the Debian package management system, before versions 1.21.8, 1.20.10, 1.19.8 and 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal on specially crafted orig.tar and debian.tar tarballs.
A critical severity vulnerability has been discovered in your project.
Project Name: IssueTest
Scanner Name: trivy
Cwe ID: 22
Cwe Name: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Cwe Link: https://cwe.mitre.org/data/definitions/22.html
CVE ID: CVE-2022-1664
Target: nginx:latest (debian 11.3)
Packages:
References:
Training(Secure Code Warrior):
Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection/pathtraversal
Videos:
Custom Description: NEW ENDPOINT TEST