mgonzalezcx / WebGoat

WebGoat is a deliberately insecure application
https://webgoat.github.io/WebGoat/

CX Absolute_Path_Traversal @ webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java [develop] #16

Open mgonzalezcx opened 2 years ago

mgonzalezcx commented 2 years ago

Absolute_Path_Traversal issue exists @ webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java in branch develop

Method main at line 48 of webgoat-lessons\challenge\src\main\java\org\owasp\webgoat\challenges\challenge7\MD5.java gets dynamic data from the args element. This element’s value then flows through the code and is eventually used in a file path for local disk access in main at line 48 of webgoat-lessons\challenge\src\main\java\org\owasp\webgoat\challenges\challenge7\MD5.java. This may cause a Path Traversal vulnerability.

Severity: Medium

CWE:36

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 48


Code (Line #48):

    public static void main(String[] args) {

mgonzalezcx commented 2 years ago

Issue still exists.