
Vulnerability
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files. Node.js 8.5.0 has a logic error in the normalize operation on directory paths, which allows a path such as ../../../foo/../../../../etc/passwd to jump to upper-level directories.
Impact:
This logic error causes the normalize function to return an incorrect result, which bypasses the path check and results in an arbitrary file read vulnerability.
Mitigation / Precaution
To patch this vulnerability, upgrade Node.js to the latest version.
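A defence-in-depth check for file-serving code, added here as an example and not taken from the advisory or from Node.js itself: it decides whether a request path stays inside the served root by walking the segments directly, so the decision does not depend on the result of the normalize function. The function names `isAffectedNode` and `resolveInsideRoot` and the sample paths are assumptions made for this illustration.

```javascript
'use strict';
// Added example: containment check that does not rely on path.normalize().

// True for the release range named in the advisory: 8.5.0 up to, not including, 8.6.0.
function isAffectedNode(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) return false;
  return Number(m[1]) === 8 && Number(m[2]) === 5;
}

// Walk the request path segment by segment. Returns the segments that remain
// inside the served root, or null if any ".." would climb above it.
function resolveInsideRoot(requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL byte never belongs in a file path
  const stack = [];
  for (const seg of decoded.split(/[\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (stack.length === 0) return null; // would leave the root
      stack.pop();
    } else {
      stack.push(seg);
    }
  }
  return stack;
}

// Constructed sample inputs; the first is the path quoted in the advisory.
const samples = [
  '../../../foo/../../../../etc/passwd',
  '/static/css/../js/app.js',
  '/static/%2e%2e/%2e%2e/etc/passwd',
];
for (const s of samples) {
  const r = resolveInsideRoot(s);
  console.log(s, '->', r ? r.join('/') : 'REJECTED');
}
console.log('running on affected release:', isAffectedNode(process.version));
```

Join the returned segments onto the static root to build the file path; a `null` result should be answered with an error response rather than passed to the file system.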





