npm package
send
pkg:npm/send
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-43799 | — | < 0.19.0 | 0.19.0 | Sep 10, 2024 | Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. | ||
| CVE-2015-8859 | Med | 5.3 | < 0.11.1 | 0.11.1 | Jan 23, 2017 | The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | |
| CVE-2014-6394 | — | < 0.8.4 | 0.8.4 | Oct 8, 2014 | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. |
- CVE-2024-43799Sep 10, 2024affected < 0.19.0fixed 0.19.0
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
- affected < 0.11.1fixed 0.11.1
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
- CVE-2014-6394Oct 8, 2014affected < 0.8.4fixed 0.8.4
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.