VDB

ANCHORE-2025-23084

ANCHORE-2025-23084 PUBLISHED

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.

Affected Products

VendorProductVersions
nodejsnode0, 19, 21
Oracle CorporationGraalVM For JDK12, 18, 12

Timeline

  • Jan 28, 2025 CVE Published
  • Jan 28, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›