Description
Node.js version 8.5.0 included a change which caused a security vulnerability in the checks on paths made by some community modules. As a result, an attacker may be able to access file system paths other than those intended.
Version 8.5.0 of Node.js is vulnerable. 4.x and 6.x versions are NOT vulnerable.
Remediation
Upgrade to the latest version of Node.js. This vulnerability was fixed with the patch from September 2017.
References
Related Vulnerabilities
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Local File Inclusion (4.18.63)
WordPress Plugin WP Source Control Directory Traversal (3.0.0)
Apache Tomcat version older than 6.0.10
Drupal Core 8.9.x Directory Traversal (8.9.0 - 8.9.16)
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)