Описание
Path Traversal in resolve-path
Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for windows based paths.
Recommendation
Update to version 1.4.0 or later.
Пакеты
Наименование
resolve-path
npm
Затронутые версииВерсия исправления
< 1.4.0
1.4.0
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.