CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.048

EPSS Ranking 89.0%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2014-6394

Apple » Xcode » Version: 7.0

cpe:2.3:a:apple:xcode:7.0
Joyent » Node.js » Version: 0.6.1

cpe:2.3:a:joyent:node.js:0.6.1
Joyent » Node.js » Version: 0.6.3

cpe:2.3:a:joyent:node.js:0.6.3
Joyent » Node.js » Version: 0.8.0

cpe:2.3:a:joyent:node.js:0.8.0
Joyent » Node.js » Version: 0.8.1

cpe:2.3:a:joyent:node.js:0.8.1
Joyent » Node.js » Version: 0.8.2

cpe:2.3:a:joyent:node.js:0.8.2
Fedoraproject » Fedora » Version: 19

cpe:2.3:o:fedoraproject:fedora:19
Fedoraproject » Fedora » Version: 20

cpe:2.3:o:fedoraproject:fedora:20
Fedoraproject » Fedora » Version: 21

cpe:2.3:o:fedoraproject:fedora:21

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-6394

Products

Pricing

Contact Us