Path Traversal (High)

When external input controls or influences a file path, a malicious actor can manipulate that path to traverse outside the permitted directories and access unintended files. Never concatenate user input directly into a filesystem path; validate and sanitize it strictly before using it in any file operation. Recommended mitigations include allowlisting permitted paths and filenames, restricting access with chroot, and rejecting path traversal sequences such as '../'. Input validation of this kind helps prevent unauthorized file access through directory traversal attacks.
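The flagged pattern next to a validated form, as an added Go example that is not part of the detector's own documentation. The names `UnsafeJoin`, `SafeJoin`, `ErrTraversal` and `allowedExt`, the base directory and the sample inputs are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a requested name resolves outside the base directory.
var ErrTraversal = errors.New("path escapes base directory")

// allowedExt is a constructed allowlist of file types this handler may serve.
var allowedExt = map[string]bool{".txt": true, ".pdf": true}

// UnsafeJoin shows the flagged pattern: external input joined straight into a path.
func UnsafeJoin(base, name string) string {
	return filepath.Join(base, name) // "../" segments in name climb out of base
}

// SafeJoin validates name and returns a path that is lexically inside base.
func SafeJoin(base, name string) (string, error) {
	// Reject empty names, embedded NUL bytes and absolute paths outright.
	if name == "" || strings.ContainsRune(name, 0) || filepath.IsAbs(name) {
		return "", ErrTraversal
	}
	full := filepath.Join(base, name) // Join also runs Clean, collapsing "a/../b"
	// Rel expresses full relative to base; a leading ".." means it left base.
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	// Allowlist check on the file type, applied after containment is established.
	if !allowedExt[strings.ToLower(filepath.Ext(full))] {
		return "", fmt.Errorf("extension not allowed: %q", filepath.Ext(full))
	}
	return full, nil
}

func main() {
	base := "/srv/app/uploads" // constructed base directory
	inputs := []string{"report.pdf", "2024/notes.txt", "../../etc/passwd", "a/../../secret.txt", "/etc/hosts.txt"}
	for _, in := range inputs {
		p, err := SafeJoin(base, in)
		fmt.Printf("%-22q unsafe=%-28q safe=%q err=%v\n", in, UnsafeJoin(base, in), p, err)
	}
}
```

The containment check is lexical only: if symbolic links can exist under the base directory, resolve the result with `filepath.EvalSymlinks` and repeat the check before opening the file.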

Detector ID
go/path-traversal@v1.0
Category
Common Weakness Enumeration (CWE)