path-traversal
Safeguard articles tagged "path-traversal" — guides, analysis, and best practices for software supply chain and application security.
42 articles
How Snyk Code detects path traversal vulnerabilities thro...
How Snyk Code uses interprocedural data-flow tracing—not regex matching—to catch path traversal (CWE-22) by connecting tainted sources to file-system sinks.
CVE-2021-29425: The Commons IO Path Traversal Bug
CVE-2021-29425 shows how a single unhandled case in Apache Commons IO's path normalization let attackers slip past directory checks that assumed a canonicalized path was actually safe.
CVE-2022-24785: The Moment.js Path Traversal, Explained
A user-controlled locale string was all it took: how CVE-2022-24785 let attackers traverse paths through Moment.js locale loading on Node.js, and why the fix is a one-line upgrade.
OWASP Path Traversal: How It Works and How to Stop It
Path traversal lets an attacker reach files outside a web app's intended directory using sequences like ../../etc/passwd — here's how it works and the fixes that actually close it.
Path Traversal in Dependency Installation: Writing Files Where They Should Not Go
Package archives can contain path traversal sequences that write files outside the expected directory. Most developers never check for this.
Apache HTTP Server CVE-2021-41773: A Path Traversal Bug That Should Have Been Caught in Code Review
CVE-2021-41773 allowed path traversal and RCE on Apache HTTP Server 2.4.49. The fix was incomplete, leading to CVE-2021-42013 days later. A lesson in patching under pressure.