You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
path: fix path traversal in normalize() on Windows
Without this patch, on Windows, normalizing a relative path might result
in a path that Windows considers absolute. In rare cases, this might
lead to path traversal vulnerabilities in user code.
We attempt to detect those cases and return a relative path instead.
PR-URL: nodejs-private/node-private#555
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2025-23084
0 commit comments