CWE-23
AllowedRelative Path Traversal
Abstraction: Base · Status: Draft
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
777 vulnerabilities reference this CWE, most recent first.
GHSA-X422-6QHV-P29G
Vulnerability from github – Published: 2023-04-28 00:30 – Updated: 2024-09-25 17:47Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mlflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-2356"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-01T13:43:17Z",
"nvd_published_at": "2023-04-28T00:15:08Z",
"severity": "HIGH"
},
"details": "Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.",
"id": "GHSA-x422-6qhv-p29g",
"modified": "2024-09-25T17:47:29Z",
"published": "2023-04-28T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2356"
},
{
"type": "WEB",
"url": "https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlflow/mlflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-68.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Relative path traversal in mlflow"
}
GHSA-X5W2-Q3RJ-2CPP
Vulnerability from github – Published: 2025-03-03 15:31 – Updated: 2026-04-01 18:33Relative Path Traversal vulnerability in NotFound Delete Comments By Status allows PHP Local File Inclusion. This issue affects Delete Comments By Status: from n/a through 2.1.1.
{
"affected": [],
"aliases": [
"CVE-2025-25130"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-03T14:15:52Z",
"severity": "HIGH"
},
"details": "Relative Path Traversal vulnerability in NotFound Delete Comments By Status allows PHP Local File Inclusion. This issue affects Delete Comments By Status: from n/a through 2.1.1.",
"id": "GHSA-x5w2-q3rj-2cpp",
"modified": "2026-04-01T18:33:54Z",
"published": "2025-03-03T15:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25130"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/delete-comments-by-status/vulnerability/wordpress-external-video-for-everybody-plugin-2-1-1-cross-site-scripting-xss-vulnerability-3?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X62R-P93V-PV79
Vulnerability from github – Published: 2025-07-28 18:31 – Updated: 2025-07-28 18:31In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
{
"affected": [],
"aliases": [
"CVE-2025-54531"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T17:15:32Z",
"severity": "HIGH"
},
"details": "In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows",
"id": "GHSA-x62r-p93v-pv79",
"modified": "2025-07-28T18:31:28Z",
"published": "2025-07-28T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54531"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X8Q6-CCHR-P7M6
Vulnerability from github – Published: 2025-02-23 15:30 – Updated: 2025-02-24 18:31A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is f46e47fd1f8455b9467d7ead3cdb0509115b2ef1. It is recommended to upgrade the affected component.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.noear:solon-web-staticfiles"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-1584"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-24T18:31:10Z",
"nvd_published_at": "2025-02-23T13:15:09Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is f46e47fd1f8455b9467d7ead3cdb0509115b2ef1. It is recommended to upgrade the affected component.",
"id": "GHSA-x8q6-cchr-p7m6",
"modified": "2025-02-24T18:31:10Z",
"published": "2025-02-23T15:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1584"
},
{
"type": "WEB",
"url": "https://github.com/opensolon/solon/issues/332"
},
{
"type": "WEB",
"url": "https://github.com/opensolon/solon/issues/332#issue-2866229828"
},
{
"type": "WEB",
"url": "https://github.com/opensolon/solon/issues/332#issuecomment-2674330700"
},
{
"type": "WEB",
"url": "https://github.com/opensolon/solon/commit/f46e47fd1f8455b9467d7ead3cdb0509115b2ef1"
},
{
"type": "PACKAGE",
"url": "https://github.com/opensolon/solon"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.296560"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.296560"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.504454"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Solon Path Traversal"
}
GHSA-X8WJ-6M73-GFQP
Vulnerability from github – Published: 2020-02-18 18:59 – Updated: 2021-01-08 20:30Impact
The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validating these parameters properly, OneupUploaderBundle is susceptible to a path traversal vulnerability which can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations.
The vulnerability can be exploited by any users that have legitimate access to the upload functionality and can lead to arbitrary code execution, denial of service and disclosure of confidential information.
Patches
Yes, see version 1.9.3 and 2.1.5.
References
https://owasp.org/www-community/attacks/Path_Traversal
Credits:
This security vulnerability was found by Thibaud Kehler of SySS GmbH. E-Mail: thibaud.kehler@syss.de
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "oneup/uploader-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "oneup/uploader-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.9.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5237"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2020-02-05T13:52:02Z",
"nvd_published_at": "2020-02-05T14:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe vulnerability was identified in the web service for a chunked file\nupload. While the names of the POST parameters vary with the used\nfrontend, their values are always used in the same way to build a path\nwhere the chunks are stored and assembled temporarily. By not validating\nthese parameters properly, OneupUploaderBundle is susceptible to a path\ntraversal vulnerability which can be exploited to upload files to\narbitrary folders on the filesystem. The assembly process can further be\nmisused with some restrictions to delete and copy files to other\nlocations.\n\nThe vulnerability can be exploited by any users that have legitimate\naccess to the upload functionality and can lead to arbitrary code\nexecution, denial of service and disclosure of confidential information.\n\n### Patches\nYes, see version 1.9.3 and 2.1.5.\n\n### References\nhttps://owasp.org/www-community/attacks/Path_Traversal\n\n### Credits:\nThis security vulnerability was found by Thibaud Kehler of SySS GmbH.\nE-Mail: thibaud.kehler@syss.de",
"id": "GHSA-x8wj-6m73-gfqp",
"modified": "2021-01-08T20:30:34Z",
"published": "2020-02-18T18:59:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/1up-lab/OneupUploaderBundle/security/advisories/GHSA-x8wj-6m73-gfqp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5237"
},
{
"type": "WEB",
"url": "https://github.com/1up-lab/OneupUploaderBundle/commit/a6011449b716f163fe1ae323053077e59212350c"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/oneup/uploader-bundle/CVE-2020-5237.yaml"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-003.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle"
}
GHSA-XC28-GW78-R3RV
Vulnerability from github – Published: 2024-10-16 15:32 – Updated: 2026-04-01 18:32: Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1.
{
"affected": [],
"aliases": [
"CVE-2024-47637"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-16T14:15:06Z",
"severity": "HIGH"
},
"details": ": Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1.",
"id": "GHSA-xc28-gw78-r3rv",
"modified": "2026-04-01T18:32:01Z",
"published": "2024-10-16T15:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47637"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-4-1-path-traversal-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-4-1-path-traversal-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XC8G-QWX7-GCFR
Vulnerability from github – Published: 2025-10-24 00:30 – Updated: 2025-10-24 00:30A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version
4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.
{
"affected": [],
"aliases": [
"CVE-2025-62498"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-23T22:15:49Z",
"severity": "HIGH"
},
"details": "A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version \n\n4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.",
"id": "GHSA-xc8g-qwx7-gcfr",
"modified": "2025-10-24T00:30:53Z",
"published": "2025-10-24T00:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62498"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
},
{
"type": "WEB",
"url": "https://www.automationdirect.com/support/software-downloads"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XCPX-G9WM-FRG6
Vulnerability from github – Published: 2023-07-11 18:31 – Updated: 2024-04-04 05:57Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2023-34117"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T17:15:13Z",
"severity": "LOW"
},
"details": "Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.\n",
"id": "GHSA-xcpx-g9wm-frg6",
"modified": "2024-04-04T05:57:06Z",
"published": "2023-07-11T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34117"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XG3J-C7Q4-F9PH
Vulnerability from github – Published: 2026-06-19 06:31 – Updated: 2026-06-19 22:10Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/canonical/microceph/microceph"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260609072127-5c2760d8fb76"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-10720"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T22:10:23Z",
"nvd_published_at": "2026-06-19T06:17:00Z",
"severity": "MODERATE"
},
"details": "Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.",
"id": "GHSA-xg3j-c7q4-f9ph",
"modified": "2026-06-19T22:10:23Z",
"published": "2026-06-19T06:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10720"
},
{
"type": "WEB",
"url": "https://github.com/canonical/microceph/pull/758"
},
{
"type": "WEB",
"url": "https://github.com/canonical/microceph/commit/5c2760d8fb765d670e2673d3a537b67eae4b67c6"
},
{
"type": "PACKAGE",
"url": "https://github.com/canonical/microceph"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Canonical MicroCeph: path traversal issue in the remote-import AP"
}
GHSA-XHJH-M9VH-W983
Vulnerability from github – Published: 2022-05-17 05:16 – Updated: 2025-07-07 21:31Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
{
"affected": [],
"aliases": [
"CVE-2012-5972"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-23"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-01-17T16:55:00Z",
"severity": "MODERATE"
},
"details": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.",
"id": "GHSA-xhjh-m9vh-w983",
"modified": "2025-07-07T21:31:21Z",
"published": "2022-05-17T05:16:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5972"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-02"
},
{
"type": "WEB",
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20.1
Strategy: Input Validation
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
- Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
- realpath() in C
- getCanonicalPath() in Java
- GetFullPath() in ASP.NET
- realpath() or abs_path() in Perl
- realpath() in PHP
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-139: Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.