Safeguard
Tag

path-traversal

Safeguard articles tagged "path-traversal" — guides, analysis, and best practices for software supply chain and application security.

42 articles

Vulnerability Analysis

Zip Slip: archive extraction path traversal explained

Zip Slip lets malicious archives write files outside their extraction folder via ../ paths — how it works, real CVEs, and how to detect and fix it.

May 3, 20267 min read
Vulnerability Analysis

What is Path Traversal

Path traversal (CWE-22) lets attackers escape a web root using ../ sequences to read or write arbitrary files. Here's how it works, real breaches, and fixes.

Mar 30, 20266 min read
Vulnerability Analysis

What is Directory Traversal

Directory traversal (CWE-22) lets attackers use ../ sequences to read or write files outside a web app's root directory. Here's how it works.

Mar 30, 20267 min read
Vulnerability Analysis

What is Zip Slip Vulnerability

Zip Slip lets attackers escape archive extraction via path traversal to overwrite files and gain code execution. Here's how it works and how to stop it.

Mar 25, 20266 min read
Vulnerability Analysis

ScreenConnect CVE-2024-57727 Path Traversal Detailed

CVE-2024-57727 is a path traversal in ConnectWise ScreenConnect enabling arbitrary file read on self-hosted instances. Chain, detection, and patching.

Jan 29, 20267 min read
Vulnerability Analysis

Apache Struts CVE-2024-53677: The Path Traversal RCE

CVE-2024-53677 lets attackers abuse Struts file upload parameter pollution to plant webshells. Here is the chain, detection logic, and patch guidance.

Jan 5, 20267 min read
Vulnerability Analysis

Python tarfile extraction path traversal, the 15-year-old flaw (CVE-2007-4559)

CVE-2007-4559, a path traversal flaw in Python's tarfile module, still lurks in hundreds of thousands of repos. Here's the impact, timeline, and fix.

Dec 29, 20258 min read
Vulnerability Analysis

Django admin ChangeList path traversal (CVE-2021-33203)

CVE-2021-33203 is a staff-only path traversal in Django's admindocs TemplateDetailView. Here's what's affected, its CVSS/EPSS profile, and how to remediate it.

Dec 28, 20257 min read
Vulnerability Analysis

Path traversal vulnerabilities explained with real-world examples

Path traversal (CWE-22) has powered CVEs from Apache to Citrix to F5. Here's how it works, real breaches, and how to stop it.

Dec 14, 20256 min read
Open Source Security

node-tar Second Bypass Enabling Arbitrary File Write (CVE...

CVE-2021-32804 let crafted tar archives bypass node-tar path sanitization, enabling arbitrary file writes during npm package extraction.

Dec 2, 20257 min read
Open Source Security

node-tar Windows-Specific Path Traversal Bypass (CVE-2021...

CVE-2021-37712 let malicious tar archives bypass node-tar's symlink protections on Windows via junctions, enabling path traversal during npm installs. Here's what to patch.

Dec 2, 20258 min read
DevSecOps

Argo CD Path Traversal via Malicious Helm Chart values.ya...

CVE-2022-24348 let attackers use a malicious Helm chart to path-traverse Argo CD's repo-server, exposing secrets across GitOps applications. Here's the fix.

Nov 24, 20257 min read
path-traversal (Page 2) — Safeguard Blog