VYPR

npm package

send

pkg:npm/send

Vulnerabilities (3)

  • CVE-2024-43799Sep 10, 2024
    affected < 0.19.0fixed 0.19.0

    Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

  • CVE-2015-8859MedJan 23, 2017
    affected < 0.11.1fixed 0.11.1

    The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.

  • CVE-2014-6394Oct 8, 2014
    affected < 0.8.4fixed 0.8.4

    visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.