projects / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2624756) | patch
[PATCH] lib,permission: require full read and write to symlink APIs
authorRafaelGSS <rafael.nunu@hotmail.com>
Mon, 10 Nov 2025 22:27:51 +0000 (19:27 -0300)
committerJérémy Lal <kapouer@melix.org>
Tue, 24 Mar 2026 21:11:25 +0000 (22:11 +0100)
commita833ed5a23c44d4e48904a2e4364634f7a5edbf7
treeca7551433bcdaa726376a7567ab252fc65eea7fctree | snapshot
parent2624756cf2a0cc3e4f09d99ee41b04e045ec298ecommit | diff
[PATCH] lib,permission: require full read and write to symlink APIs

Refs: https://hackerone.com/reports/3417819
PR-URL: https://github.com/nodejs-private/node-private/pull/760
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2025-55130
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
Gbp-Pq: Topic sec
Gbp-Pq: Name 36-lib-permission-require-full-read-and-write-to-symlink-apis.patch
lib/fs.js diff | blob | history
lib/internal/fs/promises.js diff | blob | history
test/fixtures/permission/fs-symlink-target-write.js diff | blob | history
test/fixtures/permission/fs-symlink.js diff | blob | history
test/parallel/test-permission-fs-symlink-relative.js diff | blob | history
test/parallel/test-permission-fs-symlink.js diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.