pillarjs/send
Releases68
Frequency2 months 1 week
Last Release
Stars812
Streaming static file server with Range and conditional-GET support
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 0.19.0 | 5 MEDIUM | — | ||
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. | ||||
| < 0.11.1 | 5.3 MEDIUM | 5 MEDIUM | ||
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | ||||
| — | — | 7.5 HIGH | ||
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | ||||