SYM_JSTS_0102 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code uses user-provided input as a file path with Node.js 'fs' functions without proper validation. This allows attackers to manipulate file paths, potentially accessing or modifying unintended files on the server.
Impact
If exploited, an attacker could read, overwrite, or delete sensitive files outside the intended directory, leading to data breaches, loss of critical information, or system compromise. This can expose confidential data and disrupt application functionality.
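The pattern described above next to a hardened form, as an added example that is not part of the rule database. The function names (`unsafeResolve`, `isInside`, `safeResolve`, `demo`) and the temporary directory layout are assumptions constructed for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Pattern the rule describes: user input joined into a path with no check.
function unsafeResolve(baseDir, userPath) {
  return path.join(baseDir, userPath);
}

// True when target is root itself or sits below it.
function isInside(root, target) {
  const rel = path.relative(root, target);
  return rel === '' || (!rel.startsWith('..' + path.sep) && rel !== '..' && !path.isAbsolute(rel));
}

// Hardened form: canonicalise first, then enforce containment in baseDir.
function safeResolve(baseDir, userPath) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) throw new Error('invalid path');
  const root = fs.realpathSync(baseDir);
  const candidate = path.resolve(root, userPath);
  if (!isInside(root, candidate)) throw new Error('outside base directory');
  // Existing targets are re-checked after symlink resolution.
  if (fs.existsSync(candidate) && !isInside(root, fs.realpathSync(candidate))) {
    throw new Error('outside base directory');
  }
  return candidate;
}

// Constructed sample layout: <tmp>/uploads/report.txt and <tmp>/secret.txt
function demo() {
  const tmp = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'pt-')));
  const uploads = path.join(tmp, 'uploads');
  fs.mkdirSync(uploads);
  fs.writeFileSync(path.join(uploads, 'report.txt'), 'public');
  fs.writeFileSync(path.join(tmp, 'secret.txt'), 'private');
  const tryRead = (p) => {
    try { return fs.readFileSync(safeResolve(uploads, p), 'utf8'); }
    catch (e) { return 'rejected: ' + e.message; }
  };
  const out = {
    unsafe: fs.readFileSync(unsafeResolve(uploads, '../secret.txt'), 'utf8'),
    safeOk: tryRead('report.txt'),
    safeTraversal: tryRead('../secret.txt'),
    safeAbsolute: tryRead(path.join(tmp, 'secret.txt')),
  };
  fs.rmSync(tmp, { recursive: true, force: true });
  return out;
}
console.log(demo());
```

The containment check compares resolved paths with `path.relative` rather than a string prefix, so a sibling directory such as `uploads-old` is not mistaken for a child of `uploads`.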