VYPR

CWE-30

Path Traversal: '\dir\..\filename'

VariantDraft

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\dir\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1)

  • CVE-2025-54386Aug 1, 2025
    risk 0.00cvss epss 0.01

    Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file…