Improper limitation of a pathname to a restricted directory ('Path Traversal')
ID |
scala.inject.scala_inject_rule_spotbugspathtraversalabsolute |
Severity |
low |
Resource |
Inject |
Language |
Scala |
Description
"The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. See http://cwe.mitre.org/data/definitions/36.html for more information."
Rationale
"The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. See http://cwe.mitre.org/data/definitions/36.html for more information."
Remediation
Follow secure coding practices and review the references below for detailed remediation guidance.
References
-
OWASP Top 10 2021 - A5 : Broken Access Control.
-
OWASP Top 10 2021 - A01 : Broken Access Control.