Code Security Finding: Path/Directory Traversal (CWE-22, High Severity) in UnrestrictedExtensionUploadServlet.java:110 #76
Labels
Mend: code security findings
Code Security Finding
This finding was first detected on 2023-12-06 01:34pm GMT and is still present in the last scan performed on 2024-02-15 10:26pm GMT:
CWE-22
UnrestrictedExtensionUploadServlet.java:110
Vulnerable Code
easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Lines 105 to 110 in b9f2abf
1 Data Flow/s detected
Data flow steps, in order (all at commit b9f2abf; consecutive steps on the same line are grouped):
1. easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java, Line 69
2. easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java, Line 76
3. easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java, Line 56
4. easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java, Line 57 (8 consecutive steps)
5. easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java, Line 59 (7 consecutive steps)
6. easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java, Line 76
7. easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java, Line 84 (6 consecutive steps)
8. easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java, Line 106
9. easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java, Line 110 (3 consecutive steps)
Secure Code Warrior Training Material
● Training
▪ Secure Code Warrior Path/Directory Traversal Training
● Videos
▪ Secure Code Warrior Path/Directory Traversal Video
● Further Reading
▪ OWASP Path Traversal
▪ OWASP Input Validation Cheat Sheet