- Description
- A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
- Source
- support@hackerone.com
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 5.6
- Impact score
- 4.2
- Exploitability score
- 1.3
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-22
- Hype score
- Not currently trending
CVE-2025-23084 A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat … https://t.co/hRvvR49kxM
@CVEnew
28 Jan 2025
222 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[#KUSANAGI9 Updated!] KUSANAGI 9 Module Update KUSANAGI 9 modules have been updated. The updated modules are as follows: nodejs 18.20.6-1 This update includes support for vulnerability(CVE-2025-23085, CVE-2025-23084,... https://t.co/6IiNTOqAmN #KUSANAGI #KUSANAGI9
@kusanagi_saya
24 Jan 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes