Package impact
npm / send
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6394 | high | — | 7.5 | 12y ago | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as d… | |||
| CVE-2015-8859 | medium | 5.3 | 5.3 | 10y ago | The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | |||
| CVE-2024-43799 | unknown | — | — | 2y ago | Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0… |