tvalverd / scw_github_demo

POV Environment

Update app.js #5

Open tvalverd opened 1 year ago

tvalverd commented 1 year ago

CWE-22 Check

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE 22)

Matched on "CWE-22"

What is this? (2 min video)

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Try a challenge in Secure Code Warrior

Helpful references
  • OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
  • OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.