Code Security Finding: Path/Directory Traversal (CWE-22, High Severity) in UnrestrictedExtensionUploadServlet.java:110 #25
Labels
Mend: code security findings
Code security findings detected by Mend
Code Security Finding
This finding was first detected on 2024-02-16 01:29pm GMT and is still present in the last scan performed on 2024-02-16 01:58pm GMT:
CWE-22
UnrestrictedExtensionUploadServlet.java:110
Vulnerable Code
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Lines 105 to 110 in f83166e
1 Data Flow/s detected
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 69 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 76 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 56 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 57 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 59 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 59 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 59 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 59 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 59 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 59 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
Line 59 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 76 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 84 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 84 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 84 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 84 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 84 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 84 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 106 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 110 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 110 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
Line 110 in f83166e
Secure Code Warrior Training Material
● Training
▪ Secure Code Warrior Path/Directory Traversal Training
● Videos
▪ Secure Code Warrior Path/Directory Traversal Video
● Further Reading
▪ OWASP Path Traversal
▪ OWASP Input Validation Cheat Sheet
🏴 Suppress Finding
The text was updated successfully, but these errors were encountered: