The software uses external input to construct a pathname that
					is intended to identify a file or directory that is located underneath a
					restricted parent directory, but the software does not properly neutralize
					special elements within the pathname that can cause the pathname to resolve to a
					location that is outside of the restricted directory.Many file operations are intended to take place within a restricted
						directory. By using special elements such as ".." and "/" separators,
						attackers can escape outside of the restricted location to access files or
						directories that are elsewhere on the system. One of the most common special
						elements is the "../" sequence, which in most modern operating systems is
						interpreted as the parent directory of the current location. This is
						referred to as relative path traversal. Path traversal also covers the use
						of absolute pathnames such as "/usr/local/bin", which may also be useful in
						accessing unexpected files. This is referred to as absolute path
						traversal.In many programming languages, the injection of a null byte (the 0 or NUL)
						may allow an attacker to truncate a generated filename to widen the scope of
						attack. For example, the software may add ".txt" to any pathname, thus
						limiting the attacker to text files, but a null injection may effectively
						remove this restriction.