Send Project: >> Send >> 0.4.1 Security Vulnerabilities
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
CVSS Score
5.0
EPSS Score
0.001
Published
2024-09-10
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-01-23