PT-2024-36735 · Npm · Path-Sanitizer

Realarcherl · Published 2024-12-31 · Updated 2025-01-05 · CVE-2024-56198

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: path-sanitizer versions prior to 3.1.0
Description: The path-sanitizer npm package has a path traversal vulnerability due to a filter bypass issue. This can be exploited using the .=%5c sequence, allowing an attacker to traverse the file system. Any CLI tool or library using this package can be vulnerable to path traversal. The issue is fixed in version 3.1.0.
Recommendations: For path-sanitizer versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sanitize() function until the fix can be applied. Avoid using the .=%5c sequence in paths to minimize the risk of exploitation.

Exploit · Fix · Path traversal

Weakness Enumeration

Related Identifiers: CVE-2024-56198, GHSA-94P5-R7CC-3RPR

Affected Products: Path-Sanitizer