Updated: 2025-11-10 02:55:37.786364
Description:
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Ubuntu 22.04 | nodejs | 20 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:29 | ||
| Ubuntu 22.04 | nodejs | 14 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:24 | ||
| Ubuntu 24.04 | nodejs | 20 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:28 | ||
| Ubuntu 24.04 | nodejs | 14 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:38 | ||
| Ubuntu 24.04 | nodejs | 18 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:19 | ||
| Ubuntu 24.04 | nodejs | 12 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:23 | ||
| Ubuntu 24.04 | nodejs | 16 | 5.5 | MEDIUM | Not Vulnerable | 2025-11-04 22:56:40 |