CVE-2024-0550: Path Traversal From Db To Path Join

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2024-0550-path-traversal-from-db-to-path-join --engine opengrep

Description

Detected a dynamically constructed file path using data from database reads or HTTP requests without proper sanitization. An attacker may manipulate the filename payload to traverse directory boundaries (Path Traversal), leading to arbitrary file read or restricted file deletion. Ensure paths are sanitized (e.g. using a dedicated path normalization/validatio
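
The flagged pattern next to a hardened counterpart, as an added example that is not part of the rule or of any affected project. `STORAGE_ROOT`, the function names and the sample rows are hypothetical and constructed for illustration.

```javascript
const path = require("path");

// Hypothetical storage root; not taken from any real project.
const STORAGE_ROOT = path.resolve("/srv/app/storage/documents");

// Pattern the rule flags: a stored value goes straight into path.join().
function unsafeResolve(filenameFromDb) {
  return path.join(STORAGE_ROOT, filenameFromDb);
}

// Hardened form: resolve, then require the result to stay under the root.
function safeResolve(filenameFromDb) {
  if (typeof filenameFromDb !== "string" || filenameFromDb.includes("\0")) {
    throw new Error("invalid filename");
  }
  const candidate = path.resolve(STORAGE_ROOT, filenameFromDb);
  const rel = path.relative(STORAGE_ROOT, candidate);
  // rel is "" for the root itself, starts with ".." when outside the root,
  // and is absolute on Windows when the drive differs.
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) ||
      path.isAbsolute(rel)) {
    throw new Error("path escapes storage root");
  }
  return candidate;
}

// Constructed sample rows standing in for database reads.
const rows = [
  { id: 1, filename: "report.pdf" },
  { id: 2, filename: "2024/q1/notes.txt" },
  { id: 3, filename: "../../config/.env" },
  { id: 4, filename: "/etc/hostname" },
  { id: 5, filename: "sub/../../other/secret.txt" },
];

// Run every row through the hardened resolver and record the outcome.
function audit() {
  return rows.map((row) => {
    try {
      return { id: row.id, ok: true, path: safeResolve(row.filename) };
    } catch (err) {
      return { id: row.id, ok: false, reason: err.message };
    }
  });
}
```

The containment check is lexical only; where symlinks may exist under the root, compare `fs.realpathSync()` results for both the root and the candidate before opening or deleting the file.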