doc: add json entry for latest sec vuln

PR-URL: #46 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
nodejs · Oct 2, 2017 · 24bc2f9 · 24bc2f9
1 parent a7a9ec7
commit 24bc2f9
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/vuln/core/42.json b/vuln/core/42.json
@@ -0,0 +1,9 @@
+{
+  "cve": [
+    "CVE-2017-14849"
+  ],
+  "vulnerable": "8.5.0",
+  "patched": "^8.6.0",
+  "ref": "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/",
+  "overview": "Node.js version 8.5.0 included a change which caused a security vulnerability in the checks on paths made by some community modules. As a result, an attacker may be able to access file system paths other than those intended."
+}