Vulnerability
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files. The reason is that Node.js 8.5.0 has a logic error when performing the normalize operation on the directory, which leads to the jump to the upper level(such as ../../../foo/../../../../etc/passwd).
Impact:
This logic error causes the normalize function to return an error result, bypassing the check, and causing arbitrary file reading vulnerabilities.
Mitigation / Precaution
In order to patch this vulnerability, we suggest you to upgrade Node js to the latest version.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
