Versions of resolve-path
before 1.4.0 are vulnerable to path traversal. resolve-path
relative path resolving suffers from a lack of file path sanitization for windows based paths.
Update to version 1.4.0 or later.
CPE | Name | Operator | Version |
---|---|---|---|
resolve-path | lt | 1.4.0 |