Safeguard
Tag

path-traversal

Safeguard articles tagged "path-traversal" — guides, analysis, and best practices for software supply chain and application security.

42 articles

Application Security

How Snyk Code detects path traversal vulnerabilities thro...

How Snyk Code uses interprocedural data-flow tracing—not regex matching—to catch path traversal (CWE-22) by connecting tainted sources to file-system sinks.

Sep 8, 20258 min read
Vulnerabilities

CVE-2021-29425: The Commons IO Path Traversal Bug

CVE-2021-29425 shows how a single unhandled case in Apache Commons IO's path normalization let attackers slip past directory checks that assumed a canonicalized path was actually safe.

Jun 17, 20244 min read
Vulnerabilities

CVE-2022-24785: The Moment.js Path Traversal, Explained

A user-controlled locale string was all it took: how CVE-2022-24785 let attackers traverse paths through Moment.js locale loading on Node.js, and why the fix is a one-line upgrade.

May 21, 20245 min read
Vulnerabilities

OWASP Path Traversal: How It Works and How to Stop It

Path traversal lets an attacker reach files outside a web app's intended directory using sequences like ../../etc/passwd — here's how it works and the fixes that actually close it.

May 14, 20245 min read
Software Supply Chain Security

Path Traversal in Dependency Installation: Writing Files Where They Should Not Go

Package archives can contain path traversal sequences that write files outside the expected directory. Most developers never check for this.

Sep 8, 20224 min read
Vulnerability Analysis

Apache HTTP Server CVE-2021-41773: A Path Traversal Bug That Should Have Been Caught in Code Review

CVE-2021-41773 allowed path traversal and RCE on Apache HTTP Server 2.4.49. The fix was incomplete, leading to CVE-2021-42013 days later. A lesson in patching under pressure.

Oct 12, 20216 min read
path-traversal (Page 4) — Safeguard Blog