CVE-2017-14849
published 2017-09-28CVE-2017-14849: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nodejs | — | — |
| nodejs | node.js | — | — |