1 article with this tag
Path traversal mixes ../ into a filename input to escape the base directory and read/write .env, config, or keys. The real defense: never use user input as a raw file path, and normalize-then-confine inside an allowed base directory.