OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
8306457110ebba648de5979136c39f7abba46ea9
node/lib
History
RafaelGSS 8306457110 path: fix path traversal in normalize() on Windows 
Without this patch, on Windows, normalizing a relative path might result
in a path that Windows considers absolute. In rare cases, this might
lead to path traversal vulnerabilities in user code.

We attempt to detect those cases and return a relative path instead.

Co-Authored-By: Tobias Nießen <tobias.niessen@tuwien.ac.at>
PR-URL: https://github.com/nodejs-private/node-private/pull/555
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/665
CVE-ID: CVE-2025-23084
2025-01-21 15:53:46 -03:00
..
assert
dns
fs
inspector
internal
src: fix HTTP2 mem leak on premature close and ERR_PROTO
2025-01-21 15:53:42 -03:00
path
readline
lib: remove Symbol[Async]Dispose polyfills
2024-10-07 09:47:44 +00:00
stream
test
timers
lib: remove unnecessary optional chaining
2024-11-07 15:59:12 +00:00
util
_http_agent.js
lib: remove startsWith/endsWith primordials for char checks
2024-10-19 10:18:10 +00:00
_http_client.js
http: add setDefaultHeaders option to http.request
2024-12-12 16:43:10 +00:00
_http_common.js
_http_incoming.js
_http_outgoing.js
http: don't emit error after destroy
2024-10-28 12:57:58 +00:00
_http_server.js
http: add diagnostic channel http.server.response.created
2024-11-02 13:46:20 +00:00
_stream_duplex.js
_stream_passthrough.js
_stream_readable.js
_stream_transform.js
_stream_wrap.js
_stream_writable.js
_tls_common.js
lib: prefer logical assignment
2024-10-09 06:42:16 +00:00
_tls_wrap.js
lib: prefer logical assignment
2024-10-09 06:42:16 +00:00
assert.js
assert: make partialDeepStrictEqual work with urls and File prototypes
2025-01-09 17:35:54 +00:00
async_hooks.js
lib: prefer logical assignment
2024-10-09 06:42:16 +00:00
buffer.js
util: harden more built-in classes against prototype pollution
2024-12-16 22:33:08 +00:00
child_process.js
lib: replace createDeferredPromise util with Promise.withResolvers
2024-10-19 10:13:58 +02:00
cluster.js
console.js
constants.js
crypto.js
crypto: runtime deprecate crypto.fips
2024-09-25 22:31:03 +00:00
dgram.js
dgram: support blocklist in udp
2024-12-15 14:19:27 +00:00
diagnostics_channel.js
diagnostics_channel: fix unsubscribe during publish
2024-10-14 10:55:39 +00:00
dns.js
dns: honor the order option
2024-10-17 13:18:28 +00:00
domain.js
eslint.config_partial.mjs
module: use buffer.toString base64
2024-12-21 11:02:30 +00:00
events.js
Revert "events: add hasEventListener util for validate"
2024-12-19 18:16:48 +01:00
fs.js
fs: deprecate passing invalid types in fs.existsSync
2025-01-10 13:04:14 +01:00
http2.js
http.js
https.js
lib: remove Symbol[Async]Dispose polyfills
2024-10-07 09:47:44 +00:00
inspector.js
lib: remove Symbol[Async]Dispose polyfills
2024-10-07 09:47:44 +00:00
module.js
module: add findPackageJSON util
2024-10-25 20:40:54 +00:00
net.js
net: support blocklist in net.connect
2024-12-06 04:36:24 +00:00
os.js
src: improve node:os userInfo performance
2024-11-08 19:40:25 +00:00
path.js
path: fix path traversal in normalize() on Windows
2025-01-21 15:53:46 -03:00
perf_hooks.js
process.js
punycode.js
punycode: limit deprecation warning
2025-01-18 18:01:54 +00:00
querystring.js
lib: prefer logical assignment
2024-10-09 06:42:16 +00:00
quic.js
src, quic: refine more of the quic implementation
2025-01-06 10:47:36 -08:00
readline.js
lib: prefer logical assignment
2024-10-09 06:42:16 +00:00
repl.js
module: add prefix-only modules to module.builtinModules
2024-12-14 07:35:00 +00:00
sea.js
sqlite.js
stream.js
string_decoder.js
sys.js
test.js
test_runner: add assert.register() API
2025-01-04 18:30:04 +00:00
timers.js
lib: prefer logical assignment
2024-10-09 06:42:16 +00:00
tls.js
trace_events.js
tty.js
url.js
lib: remove redundant global regexps
2024-12-10 12:18:18 +00:00
util.js
util: rename CallSite.column to columnNumber
2025-01-15 13:28:53 +00:00
v8.js
lib: handle Float16Array in node:v8 serdes
2024-12-07 18:24:28 +00:00
vm.js
lib: add validation for options in compileFunction
2024-12-06 06:53:06 +00:00
wasi.js
worker_threads.js
src,worker: add isInternalWorker
2025-01-14 18:24:30 +00:00
zlib.js
zlib: deprecate classes usage without new
2024-11-29 20:55:03 +00:00