VDB
ANCHORE-2025-23084
ANCHORE-2025-23084
PUBLISHED
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nodejs | node | 0, 19, 21 |
| Oracle Corporation | GraalVM For JDK | 12, 18, 12 |
Timeline
- Jan 28, 2025 CVE Published
- Jan 28, 2025 CVE Updated