java cwe 73 - SERP Analysis

https://www.veracode.com/security/java/cwe-73/

https://cwe.mitre.org/data/definitions/73.html

https://community.veracode.com/s/article/how-do-i-fix-cwe-73-external-control-of-file-name-or-path-in-java

https://stackoverflow.com/questions/50846446/how-to-resolve-external-control-of-file-name-or-path-cwe-id-73

https://veracode.my.site.com/CustomerCommunity/s/question/0D53n00008MnDUYCA3/how-to-resolve-external-control-of-file-name-or-path-cwe-id73-ftpclient-class-and-ftpclientobjectlistfilesdynamicpath-dynamic-path-in-java-code

https://www.appknox.com/blog/how-to-fix-cwe-73-external-control-of-filename-or-path

https://veracode.my.site.com/CustomerCommunity/s/question/0D5Uf00000ChcPvKAJ/veracode-cwe73-issue-in-java-code

https://www.appknox.com/cyber-security-jargons/how-to-fix-cwe-73-external-control-of-filename-or-path

https://gainjavaknowledge.medium.com/how-to-fix-veracode-external-control-of-file-name-or-path-cwe-id-73-5ce4c6827cc7

https://www.appmarq.com/public/security,7752,Avoid-file-path-manipulation-vulnerabilities-CWE-73-

https://github.com/icsharpcode/SharpZipLib/issues/569

https://www.youtube.com/watch?v=1JMnPHEKINc

https://gitlab.com/julz0815/verademo/-/issues/747

https://developercommunity.visualstudio.com/content/problem/713386/veracode-cwe-73-external-control-of-file-name-or-p.html

https://github.com/lz4/lz4-java/issues/177

https://community.sonarsource.com/t/sonarqube-cwe-coverage-appears-lower-in-8-4-than-7-9/30875

https://community.blackduck.com/s/question/0D52H000059TUNRSA4/is-there-a-way-to-apply-nottainted-annotations-for-java-methods

https://community.sonarsource.com/t/list-of-supported-cwe-issues-from-sonarqube/28207

https://docs.sec1.io/user-docs/4-sast/2-java/unsanitized-user-input-in-file-path

https://docs.guardrails.io/docs/vulnerabilities/runtime/insecure_file_management

https://supportcenter.devexpress.com/ticket/details/t130343/cwe-331-insufficient-entropy-devexpress-docs-v13-1-dll-void-init-73

https://cvefeed.io/cwe/detail/cwe-73-external-control-of-file-name-or-path

https://docs.bearer.com/reference/rules/java_lang_path_using_user_input/

https://cwe.mitre.org/data/definitions/22.html

https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594

https://docs.mend.io/legacy-sast/latest/capec-cwe-coverage

https://feedly.com/cve/cwe/73

https://portswigger.net/kb/issues/00200351_local-file-path-manipulation-reflected-dom-based

https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-8400751

https://docs.sec1.io/user-docs/4-sast/2-java/unsanitized-use-of-fileupload-filename

https://www.clouddefense.ai/cwe/definitions/1403

https://nvd.nist.gov/vuln/detail/CVE-2025-1686

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/assets/CodeQuality-rules-latest-CS-2024-12-0.xlsx?lang=en

https://docs.mend.io/platform/latest/hipaa-cwe-coverage

https://help.klocwork.com/2024/en-us/concepts/cweidsmappedtoklocworkjavacheckers.htm

https://developer.android.com/privacy-and-security/risks/untrustworthy-contentprovider-provided-filename

https://www.opencve.io/cve?cwe=CWE-73

https://cloud.tencent.com/developer/ask/sof/106766116

https://www.blackduck.com/static-analysis-tools-sast/cwe.html

https://owasp.org/Top10/A03_2021-Injection/

https://jfrog.com/help/r/jfrog-security-user-guide/products/advanced-security/features-and-capabilities/sast/list-of-sast-rules

https://medium.com/%40sahildari/sast-series-part-1-a7cf18df0022

https://www.cvedetails.com/cwe-details/73/External-Control-of-File-Name-or-Path.html

https://www.appmarq.com/public/security,8506,Avoid-file-path-manipulation-vulnerabilities-through-API-requests

https://582328.fs1.hubspotusercontent-na1.net/hubfs/582328/GrammaTech-Files/CWE_JAVA_7.3.pdf

https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-ibm-websphere-application-server-liberty-openssl-libcurl-ibm-java-and-ibm-storage-protect-backup-archive-client-may-affect-ibm-storage-protect-backup-archive-client

https://docs.bearer.com/reference/rules/

https://quark-engine.readthedocs.io/en/v23.9.1/quark_script.html

https://www.imagix.com/user_guide/cwe-_common-weakness-enumeration_.html

https://www.ibm.com/support/pages/node/7173466

https://samate.nist.gov/SARD/test-suites/87?limit=25&page=898

https://portswigger.net/kb/issues/00200350_local-file-path-manipulation-dom-based

https://docs.horusec.io/docs/cli/analysis-tools/open-source-horusec-engine/horusec-java/

https://groups.google.com/g/sqlcipher/c/6P5JjDDiREo

https://find-sec-bugs.github.io/bugs.htm

https://www.youtube.com/watch?v=OL0GFa7Gmp0

https://svenruppert.com/2024/05/21/cwe-22-improper-limitation-of-a-pathname-to-a-restricted-directory/

https://sonarsource.atlassian.net/browse/RSPEC-1873

https://juejin.cn/post/7306459858126536754

https://chenweixiang.github.io/docs/CWE_List_v3.1.pdf

https://www.coresecurity.com/core-labs/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities

https://www.duo.uio.no/bitstream/handle/10852/79730/1/Master-Thesis---Java-Deserialization-Vulnerabilities---Sondre-Fingann.pdf

https://cloud.tencent.com/developer/ask/sof/116010592

https://blog.csdn.net/weixin_44320027/article/details/134679428

https://next.sonarqube.com/sonarqube/project/issues?branch=branch-25.1&files=server%2Fsonar-db-dao%2Fsrc%2Fmain%2Fjava%2Forg%2Fsonar%2Fdb%2FMyBatisConfBuilder.java&issueStatuses=OPEN%2CCONFIRMED&impactSoftwareQualities=MAINTAINABILITY&id=sonarqube

https://yaogroup.cs.vt.edu/papers/ICSE2018-Stackoverflow-Java-Secure-Coding.pdf

https://vulncat.fortify.com/ko/weakness?kingdom=Input%2BValidation%2Band%2BRepresentation%3BSecurity%2BFeatures%3BCode%2BQuality%3BEnvironment&category=ASP.NET%2BMisconfiguration%3BAccess%2BControl%3BAccess%2BSpecifier%2BManipulation%3BAcegi%2BMisconfiguration%3BAxis%2B2%2BMisconfiguration%3BAxis%2BService%2BRequester%2BMisconfiguration%3BBean%2BManipulation%3BBiometric%2BAuthentication%3BCakePHP%2BMisconfiguration%3BClassLoader%2BManipulation%3BCode%2BCorrectness%3BCommand%2BInjection%3BCompliance%2BFailure%3BConnection%2BString%2BParameter%2BPollution%3BCredential%2BManagement%3BCross-Client%2BData%2BAccess%3BCross-Frame%2BScripting%3BCross-Session%2BContamination%3BCross-Site%2BScripting%3BCross-Site%2BWebSocket%2BHijacking%3BDangerous%2BField%3BDangerous%2BFunction%3BDangerous%2BType%3BDeserialization%2BBad%2BPractice%3BDjango%2BBad%2BPractices%3BDouble%2BFree%3BExposure%2Bof%2BPOST%2BParameters%2Bin%2BGET%2BRequest%3BFile%2BDisclosure%3BFlash%2BBad%2BPractices%3BFlash%2BMisconfiguration&cwe=CWE%2BID%2B158%3BCWE%2BID%2B474%3BCWE%2BID%2B486%3BCWE%2BID%2B578

https://ioactive.com/hacking-java-debug-wire-protocol-or-how/

https://www.diva-portal.org/smash/get/diva2:1707588/FULLTEXT01.pdf

https://projectdiscovery.io/blog/crushftp-authentication-bypass

https://media.blackhat.com/bh-ad-11/Drake/bh-ad-11-Drake-Exploiting_Java_Memory_Corruption-Slides.pdf

https://www.cis.upenn.edu/~alur/LLM4Security24.pdf

https://www.ccny.cuny.edu/engineering/admission-0?srsltid=AfmBOopV1Z01rbYKBwmpishTyUcRHBmgdkRWnBDRgUP6oHlh71wLS3lr

https://tech-info.biz-tech-insights.com/whitepaper/Akamai-Q1-EN-2.pdf

https://www.infosec.aueb.gr/Publications/SECRYPT-2015%20Book%20Chapter%20ICETE.pdf

https://help.qlik.com/talend/en-US/patch-notes/8.0/r2024-06

https://jvndb.jvn.jp/ja/cwe/CWE-73.html

https://securityboulevard.com/2018/07/what-you-think-you-know-about-the-owasp-top-10-may-be-wrong/

https://cert.gov.ru/upload/iblock/e8e/ptke6j4keyipm45pfi3p9puhvotuwsnw.pdf

https://sonarqube.inria.fr/sonarqube/project/issues?files=src%2Fmain%2Fjava%2Ffr%2Finria%2Ftapenade%2Frepresentation%2FNewSymbolHolder.java&issueStatuses=OPEN%2CCONFIRMED&open=AXUCNZp8bZ-asQNhhL2J&id=ecuador%3Atapenade%3Av3.16

https://nsss.se/wp-content/uploads/piotr-karwasz-20240918-log4j.pdf

https://dl.acm.org/doi/fullHtml/10.1145/3590777.3590780

https://bdu.fstec.ru/search/index?q=%5B%2BSite%3A%2BSig8.com%2B%5D%2Camerican%2Bconsumer%2Bopinion%2Bpay%2Cbest%2Bpaying%2Bonline%2Bsurvey%2Bsites%2Cinternational%2Bsurvey%2Bsites%2Cfast%2Bpayout%2Bsurveys%2Cparticipate%2Bin%2Bonline%2Bresearch%2Bstudies%2Conline%2Bsurveys%2Bto%2Bearn%2Bmoney%2Bfor%2Bstudents%2Clegitimate%2Bsurvey%2Bsites%2Cremote%2Bpaid%2Bresearch%2Bstudies%2Cgcash%2Bsurvey%2Blegit%2Copinion%2Bsurveys%2Bfor%2Bmoney%2C&size=50&page=19

https://tadviser.com/index.php/Product:Solar_appScreener_(formerly_Solar_inCode)

https://www.e2encrypted.com/tags/cve/

https://svenruppert.com/2024/05/22/cwe-22-best-practices-to-use-java-nio/

https://arxiv.org/pdf/2406.11326

https://isomer-user-content.by.gov.sg/36/e9a22b32-28b3-4473-b59c-11e7a19b5328/01-February-2023.pdf

https://bdu.fstec.ru/search/index?q=red%2Bhat&size=100&FrUWewCC=DXa15yUCNXjJg&page=26

https://www.clouddefense.ai/cwe/definitions/73

https://cn-sec.com/archives/category/%E5%AE%89%E5%85%A8%E6%96%87%E7%AB%A0/%E5%AE%89%E5%85%A8%E7%99%BE%E7%A7%91/cwe%E5%BC%B1%E7%82%B9%E6%9E%9A%E4%B8%BE/page/89

https://www.tiktok.com/discover/website-untuk-tengok-company-toxic

https://www.heise.de/en/background/Secure-coding-Prevent-unauthorized-access-through-path-traversal-CWE-22-9994863.html?seite=2

https://www.tiktok.com/%40ming.loka2/video/7510953329447488775

https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/cwe-tests/-/merge_requests/25

https://www.tiktok.com/%40offc.223avalanche/video/7510134986482175238

https://cn-sec.com/archives/3777331.html