Possible path traversal vulnerability detected


Allowing unsanitized user input in path resolution methods means an attacker could gain access to files and folders outside of the intended scope.


❌ Avoid wherever possible

✅ Sanitize user input when resolving paths. For example, use FilenameUtils.getName() to strip directory components and unwanted patterns (such as \..\..) from the supplied path:

  import java.io.File;
  import javax.servlet.http.*;
  import org.apache.commons.io.FilenameUtils;

  public class Cls extends HttpServlet {
      public void handleRequest(HttpServletRequest request, HttpServletResponse response) {
          String image = request.getParameter("user_profile_picture");
          // getName() keeps only the final path segment, so "../../etc/passwd" becomes "passwd"
          File file = new File("user/profile/" + FilenameUtils.getName(image));
      }
  }

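The following is an added example, not code from the rule page: it applies FilenameUtils.getName() as above and then adds a canonical-path containment check as a second layer, so the resolved file is guaranteed to stay under the profile directory. The base directory "user/profile" and the class name ProfilePicturePath are assumptions for illustration.

```java
import java.io.File;
import java.io.IOException;
import org.apache.commons.io.FilenameUtils;

// Added example (not part of the original rule page): resolve a user-supplied
// profile picture name under a fixed base directory and reject anything that
// would escape it. The base directory "user/profile" is an assumption.
public class ProfilePicturePath {
    private static final File BASE_DIR = new File("user/profile");

    // Returns the resolved file, or throws if the input is unsafe.
    public static File resolve(String userInput) throws IOException {
        if (userInput == null || userInput.isEmpty()) {
            throw new IllegalArgumentException("missing file name");
        }
        // Step 1: drop any directory component (handles both '/' and '\' separators),
        // so "../../etc/passwd" and "..\\..\\win.ini" collapse to "passwd" / "win.ini".
        String name = FilenameUtils.getName(userInput);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("invalid file name: " + userInput);
        }
        // Step 2: defence in depth. Canonicalise and confirm the result still lies
        // inside BASE_DIR, so a bug or bypass in step 1 cannot reach other paths.
        File candidate = new File(BASE_DIR, name);
        String basePath = BASE_DIR.getCanonicalPath() + File.separator;
        if (!candidate.getCanonicalPath().startsWith(basePath)) {
            throw new SecurityException("path escapes base directory: " + userInput);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: one benign name and two traversal-style values.
        String[] samples = { "avatar.png", "../../etc/passwd", "..\\..\\win.ini", "../" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolve(s).getPath());
            } catch (RuntimeException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Requires commons-io on the classpath; the canonical-path check is what to keep even if the file name filtering is later changed.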

Associated CWE

OWASP Top 10

