Root Path Disclosure Affecting send package, versions <0.11.1



    Attack Complexity Low
Expand this section
5.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID npm:send:20151103
  • published 6 Nov 2015
  • disclosed 3 Nov 2015
  • credit Dinis Cruz

How to fix?

Upgrade send to version 0.11.1 or higher. If a direct dependency update is not possible, use snyk wizard to patch this vulnerability.


Send is a library for streaming files from the file system as an http response. It supports partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework.

Affected versions of this package are vulnerable to a Root Path Disclosure.