Package impact
npm / send
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6394 | high | — | 7.5 | 12y ago | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as d… | |||
| CVE-2015-8859 | medium | 5.3 | 5.3 | 10y ago | The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. |