CX Absolute_Path_Traversal @ src/main/webapp/vulnerability/idor/download.jsp [refs/heads/master]

**Absolute_Path_Traversal** issue exists @ **src/main/webapp/vulnerability/idor/download.jsp** in branch **refs/heads/master**

*Method request.getParameter at line 11 of src\main\webapp\vulnerability\idor\download.jsp gets dynamic data from the &quot;&quot;file&quot;&quot; element. This element&rsquo;s value then flows through the code and is eventually used in a file path for local disk access in = at line 18 of src\main\webapp\vulnerability\idor\download.jsp. This may cause a Path Traversal vulnerability.*

Severity: Medium

CWE:36

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/36.html)

[Checkmarx](https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1007325&projectid=1350&pathid=79)

[Training](null)
[Recommended Fix](https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=1670&queryVersionCode=68121957&queryTitle=Absolute_Path_Traversal)

Lines: 11 

---
[Code (Line #11):](null#L11)
```
            filePath = request.getParameter("file");
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Absolute_Path_Traversal @ src/main/webapp/vulnerability/idor/download.jsp [refs/heads/master] #198

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX Absolute_Path_Traversal @ src/main/webapp/vulnerability/idor/download.jsp [refs/heads/master] #198

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions