pillarjs/send

pillarjs/send

Releases68
Frequency2 months 1 week
Last Release
Stars812
Streaming static file server with Range and conditional-GET support

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 0.19.05 MEDIUM

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

< 0.11.15.3 MEDIUM5 MEDIUM

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.

7.5 HIGH

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.