Kick start your mastery of Path Traversal with free learning resources
What is this vulnerability?
Path Traversal vulnerabilities happen when an application fails to normalize a path before using it, which lets a request reach files or folders outside the intended directory. In the case of the Apache HTTP Server, a new path normalization function introduced in 2.4.48 did not correctly normalize encoded paths.
Where does this vulnerability usually arise?
Any code that handles filenames or paths is at risk of Path Traversal if it does not properly normalize the path first. Normalization should be done with a trusted function from the language or framework you use, as it will take into account the different types of patterns that can lead to a Path Traversal vulnerability.
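The following is an added example, not code from the original page or from the Apache project. It contrasts a check on the raw string with normalization through Python's standard library (`urllib.parse.unquote`, `os.path.realpath`, `os.path.commonpath`). The document root `BASE_DIR`, the function names and the sample requests are assumptions constructed for illustration.

```python
import os
from typing import Optional
from urllib.parse import unquote

BASE_DIR = "/var/www/static"  # assumed document root, constructed for this example


def naive_is_safe(request_path: str) -> bool:
    """Flawed check: inspects the raw string, so encoded dot segments pass."""
    return "../" not in request_path


def resolve_safe(request_path: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Return the resolved path inside base_dir, or None if the request escapes it."""
    decoded = unquote(request_path)
    # Reject input still encoded after one decode (double encoding) or holding NUL bytes.
    if unquote(decoded) != decoded or "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    # Strip leading slashes: os.path.join would otherwise discard base entirely.
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    # Compare whole path components; a plain startswith() would accept
    # a sibling directory such as /var/www/static-backup.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/css/site.css",
    "/img/../css/site.css",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/secret.txt",
    "/../static-backup/db.sql",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req!r:32} naive={naive_is_safe(req)!s:5} resolved={resolve_safe(req)}")
```

The raw-string check accepts the encoded request and rejects the harmless `/img/../css/site.css`, while the normalized check does the opposite in both cases.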