Property

Language: go
Severity: low
CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

When extracting files from a zip archive, the code joins each entry's file name directly with the target directory and uses the result without validating where it resolves. Entries whose names contain path traversal sequences (such as '../') therefore escape the intended extraction folder.
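To make the rule concrete, the following is an added example (not code from the original page or from any project it describes) that puts the flagged pattern next to its hardened form. unsafeJoin is the join-and-use pattern the rule flags; safeJoin resolves the joined path and checks with filepath.Rel that it is still strictly inside the destination; extractZip uses that check for every entry and aborts on the first one that escapes. buildArchive constructs a small in-memory archive for the demonstration: one ordinary entry followed by one whose name starts with '../'. The function names, the "/srv/uploads" destination and the entry names are all assumptions made for this example.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned for an archive entry that would resolve outside dest.
var ErrTraversal = errors.New("zip entry escapes destination directory")

// unsafeJoin is the pattern the rule flags: the entry name is joined with the
// destination and used as-is, so "../escape.txt" resolves to the parent of dest.
func unsafeJoin(dest, name string) string {
	return filepath.Join(dest, name)
}

// safeJoin is the hardened form: join, then verify that the resolved path is
// still strictly inside dest. filepath.Join already cleans "..", so the check
// runs on the resolved path rather than on the raw entry name.
func safeJoin(dest, name string) (string, error) {
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, name)
	rel, err := filepath.Rel(cleanDest, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
		return "", fmt.Errorf("%w: %q", ErrTraversal, name)
	}
	return target, nil
}

// extractZip writes every entry of the archive held in data under dest and
// returns ErrTraversal (wrapped) at the first entry that fails safeJoin.
// Files are created with os.Create's default mode (0666 minus umask).
func extractZip(data []byte, dest string) error {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return err
	}
	for _, f := range zr.File {
		target, err := safeJoin(dest, f.Name) // containment check per entry
		if err != nil {
			return err
		}
		if f.FileInfo().IsDir() {
			if err := os.MkdirAll(target, 0o755); err != nil {
				return err
			}
			continue
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return err
		}
		rc, err := f.Open()
		if err != nil {
			return err
		}
		out, err := os.Create(target)
		if err != nil {
			rc.Close()
			return err
		}
		_, err = io.Copy(out, rc)
		rc.Close()
		out.Close()
		if err != nil {
			return err
		}
	}
	return nil
}

// buildArchive constructs an in-memory archive for the demonstration (a made-up
// sample, not a real artifact): a normal entry, then a traversal entry.
func buildArchive() []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	entries := []struct{ name, body string }{
		{"safe/hello.txt", "hello\n"},
		{"../escape.txt", "must never be written\n"},
	}
	for _, e := range entries {
		w, err := zw.Create(e.name) // the writer does not validate names
		if err != nil {
			panic(err)
		}
		if _, err := w.Write([]byte(e.body)); err != nil {
			panic(err)
		}
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	fmt.Println("flagged pattern resolves to:", unsafeJoin("/srv/uploads", "../escape.txt"))
	_, err := safeJoin("/srv/uploads", "../escape.txt")
	fmt.Println("hardened check:", err)
	dest, _ := os.MkdirTemp("", "unzip-demo")
	defer os.RemoveAll(dest)
	fmt.Println("extractZip:", extractZip(buildArchive(), dest))
}
```

Note that the check runs on the cleaned, joined path, so a name such as "a/../../escape.txt" is caught just as "../escape.txt" is; scanning the raw name for the literal substring "../" would miss nothing here but is the weaker test, because the resolved path is what the filesystem acts on. Aborting the whole extraction on the first bad entry, rather than skipping it, is the conservative choice: an archive with one traversal entry is hostile as a whole.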

Impact

An attacker could craft a zip file that writes files outside the target directory, potentially overwriting critical system files or placing malicious files elsewhere on the server. This could lead to data loss, unauthorized code execution, or compromise of the server.