Root Path Disclosure Affecting send package, versions <0.11.1


0.0
medium
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    npm:send:20151103

  • published

    6 Nov 2015

  • disclosed

    3 Nov 2015

  • credit

    Dinis Cruz

How to fix?

Upgrade send to version 0.11.1 or higher. If a direct dependency update is not possible, use snyk wizard to patch this vulnerability.

Overview

Send is a library for streaming files from the file system as an http response. It supports partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework.

Affected versions of this package are vulnerable to a Root Path Disclosure.