http://secunia.com/advisories/28354/
http://www.cherrypy.org/ticket/744/
https://bugs.gentoo.org/show_bug.cgi?id=204829
--- cherrypy/lib/sessions.py	2007-08-06 03:04:44.000000000 +0300
+++ cherrypy/lib/sessions.py	2008-01-08 15:29:59.000000000 +0200
@@ -260,7 +260,10 @@
                     os.path.abspath(self.storage_path)))
     
     def _get_file_path(self):
-        return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
+        f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
+        if not os.path.normpath(f).startswith(self.storage_path):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
+        return f
     
     def _load(self, path=None):
         if path is None: