Code Security Finding: Path/Directory Traversal (CWE-22, High Severity) in UnrestrictedExtensionUploadServlet.java:135

[joshn-whitesource-app]

Code Security Finding

This finding was first detected on 2023-12-06 01:34pm GMT and is still present in the last scan performed on 2024-02-15 10:26pm GMT:

Severity	Vulnerability Type	CWE	File	Data Flows
High	Path/Directory Traversal	CWE-22	UnrestrictedExtensionUploadServlet.java:135	1
Vulnerable Code easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java Lines 130 to 135 in b9f2abf image.setRGB(x, y, p); } } // Output the image ImageIO.write(image, "png", new File(fileName)); 1 Data Flow/s detected Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet 🏴 Suppress Finding ... as False Alarm ... as Acceptable Risk