CVE-2026-41245: Path Traversal Partial Prefix
greprules fetch cve-2026-41245-path-traversal-partial-prefix --engine opengrep
Description
Checking if a path starts with another path's canonical or absolute path using `String.startsWith()` is vulnerable to partial path traversal (often called a Zip Slip variant). An attacker can use a sibling directory sharing the same prefix (e.g., `/app/data_evil` vs `/app/data`). Ensure that you append a directory separator (e.g., `File.separator`) to the in
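The partial-prefix check described above next to two boundary-aware replacements, as an added Java example that is not part of the rule or of any affected project. The class name, method names and sample paths are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;

public class PrefixCheckDemo {
    // Flawed: compares characters, so "/app/data_evil/x" is accepted for base "/app/data".
    static boolean insideVulnerable(File base, File target) throws IOException {
        return target.getCanonicalPath().startsWith(base.getCanonicalPath());
    }

    // Fixed (string form): the trailing separator forces the match to end on a path boundary.
    static boolean insideWithSeparator(File base, File target) throws IOException {
        String basePath = base.getCanonicalPath();
        String targetPath = target.getCanonicalPath();
        // A root base ("/") already ends with the separator; do not append a second one.
        String prefix = basePath.endsWith(File.separator) ? basePath : basePath + File.separator;
        return targetPath.equals(basePath) || targetPath.startsWith(prefix);
    }

    // Fixed (NIO form): Path.startsWith compares whole name elements, not characters.
    static boolean insideWithPath(Path base, Path target) {
        return target.toAbsolutePath().normalize()
                     .startsWith(base.toAbsolutePath().normalize());
    }

    public static void main(String[] args) throws IOException {
        File base = new File("/app/data");          // constructed base directory
        String[] entryNames = {                       // constructed entry names
            "report.txt",                             // legitimate child
            "../data_evil/report.txt",                // sibling sharing the prefix
            "../../etc/passwd"                        // plain traversal
        };
        for (String name : entryNames) {
            File target = new File(base, name);
            System.out.printf("%-26s vulnerable=%-5b separator=%-5b path=%b%n",
                name,
                insideVulnerable(base, target),
                insideWithSeparator(base, target),
                insideWithPath(base.toPath(), target.toPath()));
        }
    }
}
```

`Path.normalize()` is purely lexical; where symbolic links under the base directory are a concern, resolve both paths with `toRealPath()` or `getCanonicalPath()` before comparing.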