Security News > 2024 > May > CISA urges software devs to weed out path traversal vulnerabilities
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.
Attackers can exploit path traversal vulnerabilities to create or overwrite critical files used to execute code or bypass security mechanisms like authentication.
"Vulnerabilities like directory traversal have been called 'unforgivable' since at least 2007. Despite this finding, directory traversal vulnerabilities are still prevalent classes of vulnerability."
Path vulnerabilities took the eighth spot in MITRE's top 25 most dangerous software weaknesses, surpassed by out-of-bounds write, cross-site scripting, SQL injection, use-after-free, OS command injection, and out-of-bound read flaws.
In March, CISA and the FBI issued another "Secure by Design" alert urging executives of software manufacturing companies to implement mitigations to prevent SQL injection security vulnerabilities.
CISA urges software devs to weed out SQL injection vulnerabilities.