VYPR

CWE-29

Path Traversal: '\..\filename'

VariantIncomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (41)

page 3 of 3
  • CVE-2019-10743Oct 28, 2019
    risk 0.00cvss epss 0.07

    All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target…