diff --git a/lib/view.js b/lib/view.js
index d66b4a2d89c..ff361ee198d 100644
--- a/lib/view.js
+++ b/lib/view.js
@@ -25,8 +25,10 @@ var fs = require('node:fs');
 var dirname = path.dirname;
 var basename = path.basename;
 var extname = path.extname;
+var isAbsolute = path.isAbsolute;
 var join = path.join;
 var resolve = path.resolve;
+var sep = path.sep;
 
 /**
  * Module exports.
@@ -112,6 +114,14 @@ View.prototype.lookup = function lookup(name) {
     // resolve the path
     var loc = resolve(root, name);
+
+    // security: ensure resolved path stays within root directory
+    var resolvedRoot = resolve(root);
+    if (!isAbsolute(name) && loc !== resolvedRoot && !loc.startsWith(resolvedRoot + sep)) {
+      debug('path traversal attempt detected: "%s" resolved outside root "%s"', name, root);
+      continue;
+    }
+
     var dir = dirname(loc);
     var file = basename(loc);