projects / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bee526a) | patch
[PATCH] lib,permission: require full read and write to symlink APIs
authorRafaelGSS <rafael.nunu@hotmail.com>
Mon, 10 Nov 2025 22:27:51 +0000 (19:27 -0300)
committerJérémy Lal <kapouer@melix.org>
Thu, 5 Mar 2026 10:05:11 +0000 (11:05 +0100)
commit32f049458805d970d5cf2b5a1431e8231e0f038d
tree2509a219c4d5d01f5ff415bae62607c57e1764c7tree | snapshot
parentbee526a7775fad0d4874797a47976780a4a2d716commit | diff
[PATCH] lib,permission: require full read and write to symlink APIs

Refs: https://hackerone.com/reports/3417819
PR-URL: https://github.com/nodejs-private/node-private/pull/760
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2025-55130
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
Gbp-Pq: Topic sec
Gbp-Pq: Name 36-lib-permission-require-full-read-and-write-to-symlink-apis.patch
lib/fs.js diff | blob | history
lib/internal/fs/promises.js diff | blob | history
test/fixtures/permission/fs-symlink-target-write.js diff | blob | history
test/fixtures/permission/fs-symlink.js diff | blob | history
test/parallel/test-permission-fs-symlink-relative.js diff | blob | history
test/parallel/test-permission-fs-symlink.js diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.