The nodejs 8.x series before 8.6 is vulnerable to a path traversal attack, as described in CVE-2017-14849. Upstream has fixed the issue in the 8.6.0 release, which has been available for over a week.
@Maintainer could you please verify which versions in tree are vulnerable? As stated in URL: 4.x NOT vulnerable (stable) 6.x NOT vulnerable (stable) 7.x unknown (non-stable) 8.x unknown (non-stable) 8.5.0 is vulnerable (non-stable) Thank you, Gentoo Security Padawan ChrisADR
whoops. Sorry.
ebuild and cleanup?
Now everything is fixed and tree is clean. Closing Thank you