N/A

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.

N/A

对路径名的限制不恰当(路径遍历)

resolve-path 路径遍历漏洞

resolve-path是一个用于解析、验证根路径的相对路径的模块。 resolve-path 1.4.0之前版本中存在路径遍历漏洞，该漏洞源于程序缺少对带有特殊字符串路径的检测。攻击者可利用该漏洞读取任意文件的内容。

N/A

N/A