Node.js path validation vulnerability

  • Node.js version 8.5.0 included a change which caused a security vulnerability in the checks on paths made by some community modules. As a result, an attacker may be able to access file system paths other than those intended.

    Version 8.5.0 of Node.js is vulnerable. 4.x and 6.x versions are NOT vulnerable.
  • Upgrade to the latest version of Node.js. This vulnerability was fixed with the patch from September 2017.