Path Traversal

Overview

Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for windows based paths.

Recommendation

Update to version 1.4.0 or later.

References

• HackerOne Report
• GitHub Advisory