Statements (22)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:software_weakness
|
| gptkbp:affects |
web applications
file system operations |
| gptkbp:cause |
information disclosure
arbitrary file access modification of files |
| gptkbp:describes |
Improper limitation of a pathname to a restricted directory, also known as 'Path Traversal', occurs when an application does not properly neutralize sequences such as '../' in user-supplied input.
|
| gptkbp:documentedIn |
https://cwe.mitre.org/data/definitions/22.html
|
| gptkbp:example |
../../etc/passwd
|
| gptkbp:hasCWE |
gptkb:CWE-22
|
| gptkbp:mitigatedBy |
implement allow-lists for file paths
use safe API functions validate and sanitize user input |
| gptkbp:name |
Path Traversal
|
| gptkbp:partOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:relatedTo |
CWE-23 (Relative Path Traversal)
CWE-36 (Absolute Path Traversal) |
| gptkbp:usedBy |
security researchers
penetration testers |
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-22 (Path Traversal)
|