Root Path Disclosure Affecting send package, versions <0.11.1


0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.14% (48th percentile)
Expand this section
NVD
5.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID npm:send:20151103
  • published 6 Nov 2015
  • disclosed 3 Nov 2015
  • credit Dinis Cruz

How to fix?

Upgrade send to version 0.11.1 or higher. If a direct dependency update is not possible, use snyk wizard to patch this vulnerability.

Overview

Send is a library for streaming files from the file system as an http response. It supports partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework.

Affected versions of this package are vulnerable to a Root Path Disclosure.