CWE-22 (Path Traversal)

GPTKB entity

Statements (22)
Predicate Object
gptkbp:instanceOf software weakness
gptkbp:affects web applications
file system operations
gptkbp:cause information disclosure
arbitrary file access
modification of files
gptkbp:describes Improper limitation of a pathname to a restricted directory, also known as 'Path Traversal', occurs when an application does not properly neutralize sequences such as '../' in user-supplied input.
gptkbp:documentedIn https://cwe.mitre.org/data/definitions/22.html
gptkbp:example ../../etc/passwd
gptkbp:hasCWE gptkb:CWE-22
https://www.w3.org/2000/01/rdf-schema#label CWE-22 (Path Traversal)
gptkbp:mitigatedBy implement allow-lists for file paths
use safe API functions
validate and sanitize user input
gptkbp:name Path Traversal
gptkbp:partOf gptkb:Common_Weakness_Enumeration
gptkbp:relatedTo CWE-23 (Relative Path Traversal)
CWE-36 (Absolute Path Traversal)
gptkbp:usedBy security researchers
penetration testers
gptkbp:bfsParent gptkb:Common_Weakness_Enumeration_(CWE)
gptkbp:bfsLayer 7