Node.js Vulnerabilities Exposes Windows App to Path Traversal and HashDoS Attacks

The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities affecting Windows applications and V8 engine implementations. Security releases are now available for Node.js versions 20.x, 22.x, and 24.x, with patches addressing apath traversalbypass and a HashDoS attack vector that could significantly impact application security and performance. Windows Path Traversal Vulnerability A critical vulnerability identified as CVE-2025-27210 has been discovered in Node.js, specifically targeting Windows device names including CON, PRN, and AUX. This high-severity issue represents an incomplete fix for the previously patched CVE-2025-23084, demonstrating how attackers can bypass path traversal protection mechanisms in the path.normalize() function. The vulnerability affects all Windows users utilizing the path.join() API across active release lines 20.x, 22.x, and 24.x. When processing file paths containingWindowsreserved d...