Directory Traversal in send

🗓️ 24 Oct 2017 18:33:36Reported by GitHub Advisory DatabaseType

Versions 0.8.3 and earlier of send are vulnerable to directory traversal, allowing unauthorized file access when using the root option to restrict access

Reporter	Title	Published	Views	Family All 25
CVE	CVE-2014-6394	8 Oct 201417:00	–	cve
Cvelist	CVE-2014-6394	8 Oct 201417:00	–	cvelist
Debian CVE	CVE-2014-6394	8 Oct 201417:00	–	debiancve
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Node.js modules affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-6394, CVE-2014-7191)	15 Jun 201807:01	–	ibm
EUVD	EUVD-2017-0335	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 19 Update: nodejs-send-0.3.0-4.fc19	6 Oct 201405:00	–	fedora
Fedora	[SECURITY] Fedora 20 Update: nodejs-send-0.3.0-4.fc20	6 Oct 201405:06	–	fedora
Tenable Nessus	Fedora 21 : nodejs-send-0.3.0-4.fc21 (2014-11289)	29 Sep 201400:00	–	nessus
Tenable Nessus	Fedora 20 : nodejs-send-0.3.0-4.fc20 (2014-11421)	6 Oct 201400:00	–	nessus
Tenable Nessus	Fedora 19 : nodejs-send-0.3.0-4.fc19 (2014-11495)	6 Oct 201400:00	–	nessus

Vulners

Node

send_project sendRange<0.8.4npm

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-6394
github	www.github.com/visionmedia/send/pull/59
github	www.github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a
github	www.github.com/advisories/GHSA-xwg4-93c6-3h42
npmjs	www.npmjs.com/advisories/32
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/96727
support	www.support.apple.com/HT205217
lists	www.lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html

09 Jan 2023 05:03Current

4.7Medium risk

Vulners AI Score4.7

CVSS 27.5

EPSS0.04842

CWE-22