Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()
High
N
Node.js
Submitted None
Team Summary
Official summary from Node.js
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API.
Actions:
Reported by
oblivionsage
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Path Traversal