Category

Cwe 22

Security vulnerabilities and automated fixes for cwe 22 issues

8 posts found

high8 min

How URL-Encoded Path Traversal happens in Python nltk.data.load() and how to fix it

CVE-2026-54293 is a high-severity path traversal vulnerability in NLTK's `nltk.data.load()` function that allows attackers to read arbitrary local files by supplying URL-encoded path sequences. The fix pins NLTK to version 3.10.0 or later via a constraint dependency in `pyproject.toml`, preventing the vulnerable version from being resolved transitively through `rouge-score` and `lm-eval`. Because this project is a web service, the vulnerability was directly exploitable by remote attackers withou

#path-traversal#python#nltk+4 more
O
orbisai0security
Jul 10, 2026
critical6 min

How path traversal happens in Python os.path and how to fix it

A critical path traversal vulnerability in the TRL backend allowed attackers to read arbitrary system files like `/etc/passwd` and `/proc/self/environ` through the gRPC fine-tuning API. The `_do_training` method passed user-controlled `dataset_source` directly to `os.path.exists()` and `load_dataset()` without validation. The fix implements strict directory containment checks using `os.path.realpath()` to ensure all file operations stay within allowed directories.

#security#path-traversal#python+4 more
O
orbisai0security
Jun 22, 2026
medium5 min

How path traversal happens in C file extraction and how to fix it

A path traversal vulnerability in the borpak archive extraction tool allowed attackers to write files to arbitrary locations on the filesystem by crafting malicious .pak archives with `../` sequences in filenames. This medium-severity issue in `tools/borpak/source/borpak.c` could enable system compromise through overwriting critical files like `.bashrc` or cron jobs. The fix implements path validation to ensure extracted files never escape the intended extraction directory.

#security#path-traversal#c+4 more
O
orbisai0security
Jun 7, 2026
high7 min

How path traversal in open() happens in Python and how to fix it

A high-severity path traversal vulnerability was discovered in `tool/update-doc.py`, where user-controlled input was passed directly to Python's `open()` function without sanitization. This flaw could allow an attacker to read arbitrary files on the server by manipulating the file path. The fix ensures that file paths are validated and restricted to an intended directory before being opened.

#path-traversal#python#file-security+4 more
O
orbisai0security
Jun 6, 2026
critical9 min

Path Traversal in ZMODEM Receiver: How a Missing basename() Call Could Overwrite Your SSH Keys

A critical path traversal vulnerability in a ZMODEM file receiver allowed a malicious sender to supply crafted filenames containing directory traversal sequences (like `../../.ssh/authorized_keys`), causing the receiver to write file contents to arbitrary locations on the filesystem. The fix strips path separators and validates filenames before use, ensuring received files can only be written to the intended download directory. This class of vulnerability is a stark reminder that any input origi

#path-traversal#c-cpp#file-security+4 more
O
orbisai0security
May 28, 2026
critical12 min

Path Traversal in TFTP Server: How Directory Traversal Bugs Enable Arbitrary File Writes

A critical path traversal vulnerability (CWE-22) was discovered and patched in a TFTP server implementation where unsanitized filenames in write requests could allow attackers to overwrite arbitrary files on the host filesystem. This post breaks down how the vulnerability worked, how it was exploited, and what developers can do to prevent similar issues in their own code.

#security#path-traversal#cwe-22+4 more
O
orbisai0security
May 19, 2026
critical7 min

Path Traversal Vulnerability Fixed in Hatch-Pet Scripts: A Deep Dive

A high-severity path traversal vulnerability was discovered and patched in the hatch-pet script suite, where unsanitized user input could allow attackers to read or overwrite sensitive files anywhere on the filesystem. The fix ensures that file paths are properly validated before use, preventing attackers from escaping the intended working directory. Understanding this class of vulnerability is essential for any developer working with file I/O and user-supplied input.

#security#path-traversal#python+4 more
O
orbisai0security
May 13, 2026
high8 min

Path Traversal in Patch Utilities: How a Missing Validation Let Attackers Write Anywhere

A high-severity path traversal vulnerability (CWE-22) was discovered and fixed in the `patch` utility's input handling code, where filenames derived from diff headers were passed directly to file operations without sanitization. An attacker supplying a crafted patch file could have written arbitrary content to any location on the filesystem — including sensitive system files like `/etc/sudoers` or cron jobs. This post breaks down how the vulnerability works, why it's dangerous, and how to preven

#path-traversal#cwe-22#patch-utility+4 more
O
orbisai0security
May 11, 2026