Safeguard
Tag

directory-traversal

Safeguard articles tagged "directory-traversal" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Vulnerability Guides

Path Traversal Vulnerability Prevention, Explained

One unvalidated filename and `../../../etc/passwd` reads files you never meant to expose — or worse, executes them. Here's how path traversal works and how to build file access that can't be tricked.

Jul 6, 20265 min read
Application Security

Preventing path traversal (directory traversal) attacks

Path traversal lets attackers read or write files outside a web app's directory using ../ sequences. Here's how it works and how to stop it.

May 29, 20267 min read
Vulnerability Analysis

What is Directory Traversal

Directory traversal (CWE-22) lets attackers use ../ sequences to read or write files outside a web app's root directory. Here's how it works.

Mar 30, 20267 min read
Vulnerability Analysis

What is Zip Slip Vulnerability

Zip Slip lets attackers escape archive extraction via path traversal to overwrite files and gain code execution. Here's how it works and how to stop it.

Mar 25, 20266 min read
Open Source Security

RubyGems 2019 Multi-CVE Disclosure: Directory Traversal v...

CVE-2019-8320 let malicious RubyGems packages delete arbitrary directories via symlinked gem decompression. Here's the impact, timeline, and how to remediate it.

Dec 5, 20258 min read
Open Source Security

Go's 'go get' Directory Traversal via GOPATH Package Path...

CVE-2018-16874: a directory traversal flaw in Go's go get let malicious GOPATH import paths with curly braces write files outside the workspace.

Nov 30, 20257 min read
Vulnerability Analysis

SaltStack Directory Traversal Paired With Auth Bypass (CV...

CVE-2020-11652, a directory traversal flaw in SaltStack's salt-master, paired with an auth bypass to enable full remote compromise. Impact, CVSS/KEV context, and fixes.

Nov 23, 20257 min read
Vulnerabilities

OWASP Path Traversal: How It Works and How to Stop It

Path traversal lets an attacker reach files outside a web app's intended directory using sequences like ../../etc/passwd — here's how it works and the fixes that actually close it.

May 14, 20245 min read
Vulnerability Analysis

Grafana CVE-2021-43798: Directory Traversal in Everyone's Favorite Dashboard Tool

CVE-2021-43798 allowed unauthenticated directory traversal in Grafana, exposing configuration files and credentials. Exploitation was trivial and widespread.

Dec 5, 20216 min read
directory-traversal — Safeguard Blog