GHSA-M6FV-JMCG-4JFG send vulnerable to template injection that can lead to XSS

Impact passing untrusted user input - even after sanitizing it - to SendStream.redirect may execute untrusted code Patches this issue is patched in send 0.19.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...

AZL-49123 CVE-2024-43799 affecting package reaper for versions less than 3.1.1-13

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...