path-traversal
Safeguard articles tagged "path-traversal" — guides, analysis, and best practices for software supply chain and application security.
42 articles
Zip Slip: archive extraction path traversal explained
Zip Slip lets malicious archives write files outside their extraction folder via ../ paths — how it works, real CVEs, and how to detect and fix it.
What is Path Traversal
Path traversal (CWE-22) lets attackers escape a web root using ../ sequences to read or write arbitrary files. Here's how it works, real breaches, and fixes.
What is Directory Traversal
Directory traversal (CWE-22) lets attackers use ../ sequences to read or write files outside a web app's root directory. Here's how it works.
What is Zip Slip Vulnerability
Zip Slip lets attackers escape archive extraction via path traversal to overwrite files and gain code execution. Here's how it works and how to stop it.
ScreenConnect CVE-2024-57727 Path Traversal Detailed
CVE-2024-57727 is a path traversal in ConnectWise ScreenConnect enabling arbitrary file read on self-hosted instances. Chain, detection, and patching.
Apache Struts CVE-2024-53677: The Path Traversal RCE
CVE-2024-53677 lets attackers abuse Struts file upload parameter pollution to plant webshells. Here is the chain, detection logic, and patch guidance.
Python tarfile extraction path traversal, the 15-year-old flaw (CVE-2007-4559)
CVE-2007-4559, a path traversal flaw in Python's tarfile module, still lurks in hundreds of thousands of repos. Here's the impact, timeline, and fix.
Django admin ChangeList path traversal (CVE-2021-33203)
CVE-2021-33203 is a staff-only path traversal in Django's admindocs TemplateDetailView. Here's what's affected, its CVSS/EPSS profile, and how to remediate it.
Path traversal vulnerabilities explained with real-world examples
Path traversal (CWE-22) has powered CVEs from Apache to Citrix to F5. Here's how it works, real breaches, and how to stop it.
node-tar Second Bypass Enabling Arbitrary File Write (CVE...
CVE-2021-32804 let crafted tar archives bypass node-tar path sanitization, enabling arbitrary file writes during npm package extraction.
node-tar Windows-Specific Path Traversal Bypass (CVE-2021...
CVE-2021-37712 let malicious tar archives bypass node-tar's symlink protections on Windows via junctions, enabling path traversal during npm installs. Here's what to patch.
Argo CD Path Traversal via Malicious Helm Chart values.ya...
CVE-2022-24348 let attackers use a malicious Helm chart to path-traverse Argo CD's repo-server, exposing secrets across GitOps applications. Here's the fix.