v24.4.1
📦 node-jsView on GitHub →
🐛 2 fixes🔧 2 symbols
Summary
This security release addresses a HashDoS vulnerability in V8 (CVE-2025-27209) and a path traversal protection bypass on Windows involving reserved device names (CVE-2025-27210).
Migration Steps
- Update Node.js to the latest security release to mitigate CVE-2025-27209 and CVE-2025-27210.
🐛 Bug Fixes
- Fixed HashDoS vulnerability (CVE-2025-27209) in V8 by reverting RapidHash algorithm commits.
- Fixed Path Traversal protection bypass (CVE-2025-27210) on Windows where reserved device names (CON, PRN, AUX) could bypass path.normalize().