CNNVD-202507-2264 Information
CNNVD ID
CNNVD-202507-2264
Related CVE
- CNNVD Published: 2025-07-16
Description (Chinese)
Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js存在路径遍历漏洞,该漏洞源于在攻击者发送恶意 URL 的情况下,系统可能无法正确处理设备名称,导致路径遍历。
Description (English)
Node.js is an open-source, cross-platform JavaScript running environment for Node.js. Node.js has a loophole in its path, which stems from the fact that the system may not be able to correct the name of the device in the event of a malicious URL being sent by the assailant, leading to a path pass.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
Nodemailer
Published
2025-07-16
Last Modified
2026-02-24
References
https://nodejs.org/en/blog/vulnerability/july-2025-security-releases https://www.exploit-db.com/exploits/52369 https://access.redhat.com/security/cve/cve-2025-27210 https://www.oracle.com/security-alerts/cpuoct2025.html https://www.oracle.com/security-alerts/cpujan2026.html https://cxsecurity.com/issue/WLB-2025070023
Patch
https://nodejs.org/en/download/current
Share on: