Node.js version 8.5.0 included a change which caused a security vulnerability in the checks on paths made by some community modules. As a result, an attacker may be able to access file system paths other than those intended.
Version 8.5.0 of Node.js is vulnerable. 4.x and 6.x versions are NOT vulnerable.
- Upgrade to the latest version of Node.js. This vulnerability was fixed with the patch from September 2017.
- VMware directory traversal and privilege escalation vulnerabilities
- WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)
- WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)
- Multiple vulnerabilities in Ioncube loader-wizard.php
- WordPress Plugin InPost Gallery Multiple Vulnerabilities (2.1.2)