Updated: 2025-11-10 02:55:37.786364
Description:
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| EL 10 | nodejs | 18 | 5.5 | MEDIUM | Not Vulnerable | 2026-02-10 15:16:47 | ||
| EL 10 | nodejs | 14 | 5.5 | MEDIUM | Not Vulnerable | 2026-02-10 15:16:50 | ||
| EL 7 | nodejs | 14 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:34 | ||
| EL 7 | nodejs | 18 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:33 | ||
| EL 7 | nodejs | 16 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:34 | ||
| EL 7 | nodejs | 20 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:33 | ||
| EL 7 | nodejs | 12 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:37 | ||
| EL 8 | nodejs | 12 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:43 | ||
| EL 8 | nodejs | 14 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:36 | ||
| EL 8 | nodejs | 20 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:35 |