ESAPI on Sven Rupperthttps://sven-ruppert.info/tags/esapi/Recent content in ESAPI on Sven RuppertHugo -- gohugo.ioensven.ruppert@gmail.com (Sven Ruppert)sven.ruppert@gmail.com (Sven Ruppert)© 2026 Sven RuppertTue, 21 May 2024 14:33:53 +0000CWE-22: Improper Limitation of a Pathname to a Restricted Directoryhttps://sven-ruppert.info/posts/cwe-22-improper-limitation-of-a-pathname-to-a-restricted-directory/Tue, 21 May 2024 14:33:53 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/cwe-22-improper-limitation-of-a-pathname-to-a-restricted-directory/<p>CWE-22, commonly called &ldquo;Path Traversal,&rdquo; is a vulnerability when an application fails to appropriately limit the paths users can access through a user-provided input. This can allow attackers to access directories and files outside the intended directory, leading to unauthorised access and potential system compromise. This vulnerability is particularly significant in Java applications due to the ubiquitous use of file handling and web resources. This document will delve into the nature of CWE-22, its implications, exploitation methods, and, most importantly, strategies to mitigate such vulnerabilities in Java applications.</p>