send

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting sendpage 1 of 1

CVE-2014-6394NONECVSS 0.0EG 0.0✓ Fixed in 0.8.4
2014-10-08
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" un…
CVE-2015-8859MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.11.1
2017-01-23
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
CVE-2024-43799MEDIUMCVSS 5.0EG 5.0✓ Fixed in 0.19.0
2024-09-10
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

Check whether send is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for send CVEs against the assets you own.

Start Free Scan →