Hunting Path Traversal in Open Source

Ever wonder if path traversal bugs are a thing of the past? In this talk, we’ll see how one advisory led me to discover multiple vulnerabilities across various open-source projects. I’ll walk through how I tested both unprotected and “defended” systems, collaborated with maintainers on fixes, sometimes even writing them, and uncovered issues with weak sanitizers. Expect practical tips, lessons learned, and ideas for better security reporting so you can spot and fix path traversal flaws before they become major issues.