CVE-2025-23084
CVE-2025-23084
Título es
CVE-2025-23084
Mar, 28/01/2025 – 05:15
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-23084
Descripción en
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.
On Windows, a path that does not start with the file separator is treated as relative to the current directory.
This vulnerability affects Windows users of `path.join` API.
28/01/2025
28/01/2025
Vector CVSS:3.1
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
5.60
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Enviar en el boletín
Off
