Path normalization vulnerability. An authenticated attacker can craft specific file paths to...

Path normalization vulnerability. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the … Jul 16, 2025 · The vulnerability affects all Windows users utilizing the path. x, 22. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. 2 days ago · Root Cause Analysis The vulnerability stems from two distinct implementation errors in the matchesExecAllowlistPattern function. g. , curl --path-as-is). 49 release (due to a change to the URL normalization function), where a new path normalization function was introduced. The function normalizes both the allowlist patterns and the target command paths by converting them to lowercase before comparison. This vulnerability often arises when an attacker manipulates paths (e. Path confusion occurs when a proxy and a backend server interpret a URL differently. megqt aakt dmgacb xmgros prj tloyiy qvyipk kqfm dxnhihmm qpei