Summary
The Node.js project released a new versions of 8.x this week which incorporates a security fix.
Impact
Version 8.5.0 of Node.js is vulnerable.
4.x and 6.x versions are NOT vulnerable.
Downloads
Node.js-specific security flaws
Node.js version 8.5.0 included a change which caused a security vulnerability in the checks on paths made by some community modules. As a result, an attacker may be able to access file system paths other than those intended.
A CVE will be requested and the number will be posted once available.
Contact and future updates
Subscribe to the low-volume announcement-only nodejs-sec mailing list at
https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organisation.