9 lines
368 B
Plaintext
9 lines
368 B
Plaintext
==== Partial Path Traversal
|
|
|
|
When validating untrusted paths by checking if they start with a trusted folder name,
|
|
**ensure the validation string contains a path separator as the last character**. +
|
|
A partial path traversal vulnerability can be unintentionally introduced into
|
|
the application without a path separator as the last character of the
|
|
validation strings.
|
|
|