10 lines
372 B
Plaintext
10 lines
372 B
Plaintext
==== Partial Path Traversal
|
|
|
|
When validating untrusted paths by checking if they start with a trusted folder name,
|
|
**ensure the validation strings all contain a path separator as the last
|
|
character**. +
|
|
A partial path traversal vulnerability can be unintentionally introduced into
|
|
the application without a path separator as the last character of the
|
|
validation strings.
|
|
|