Root Path Disclosure Affecting send package, versions <0.11.1

  • Attack Complexity


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    6 Nov 2015

  • disclosed

    3 Nov 2015

  • credit

    Dinis Cruz

How to fix?

Upgrade send to version 0.11.1 or higher. If a direct dependency update is not possible, use snyk wizard to patch this vulnerability.


Send is a library for streaming files from the file system as an http response. It supports partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework.

Affected versions of this package are vulnerable to a Root Path Disclosure.