6 matches found
Alibaba Cloud Linux 3 : 0045: nodejs:20 (ALINUX3-SA-2026:0045)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0045 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-55130: A flaw in Node.jss...
CVE-2025-55130 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
DEBIAN-CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
PT-2026-2468
Name of the Vulnerable Software and Affected Versions Node.js affected versions not specified Description A flaw exists in the Node.js software platform due to incorrect path name restriction for restricted access directories. Successful exploitation of this issue could allow an attacker to...