mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-07-25 06:35:21 +00:00
d79d179d80
**Pixee Fix ID:** [fb5fe72b-5b22-4654-a733-20930cb4f96a](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a) <details> <summary>Confidence: <b>HIGH</b></summary> Fix confidence is a rating derived from an internal benchmark and includes High, Medium, and Low confidence fixes. It comprises three weighted scores reflecting the safety, effectiveness and cleanliness of Pixee's code changes within a fix. [View Details in Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a) </details> --- ✨✨✨ ## Remediation This change fixes "java/PT" (id = java/PT) identified by Snyk. ## Details Path traversal is a security vulnerability that occurs when an attacker is able to access directories and files stored outside the intended directory. It bypasses security mechanisms by manipulating variables that reference files with `../` sequences. The fix involved adding validation for `pdfFile` and `watermarkImage` to check for directory traversal sequences, thereby preventing SecurityException occurrences. Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>