
17 matches found

IBM Security Bulletins
added 2026/01/25 12:2 p.m. | 4 views

Security Bulletin: A vulnerability in the Send library affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Send library affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect...

5 CVSS | 5.7 AI score | 0.00161 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/06/30 6:18 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for...

5 CVSS | 6.8 AI score | 0.00161 EPSS
Exploits 0 | Affected Software 1
RedHat Linux
added 2024/12/12 8:0 p.m. | 0 views

send: Code Execution Vulnerability in Send Library

A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect function...

5 CVSS | 7.9 AI score | 0.00161 EPSS
Exploits 0 | References 6
RedHat Linux
added 2024/10/14 12:59 a.m. | 25 views

Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.34.0 security update & enhancements

Release of OpenShift Serverless Logic 1.34.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5 CVSS | 6.8 AI score | 0.02199 EPSS
Exploits 2 | References 6
RedhatCVE
added 2024/09/10 4:44 p.m. | 24 views

CVE-2024-43799

A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect function. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

5 CVSS | 5.5 AI score | 0.00161 EPSS
Exploits 0 | References 5
NVD
added 2024/09/10 3:15 p.m. | 46 views

CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5 CVSS | 0.00161 EPSS
Exploits 0 | References 3
OSV
added 2024/09/10 3:15 p.m. | 0 views

AZL-49088 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-4

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

4.7 CVSS | 6.7 AI score | 0.00161 EPSS
Exploits 0 | References 1
OSV
added 2024/09/10 3:15 p.m. | 1 views

AZL-49164 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-5

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

4.7 CVSS | 6.7 AI score | 0.00161 EPSS
Exploits 0 | References 1
OSV
added 2024/09/10 3:15 p.m. | 0 views

UBUNTU-CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5 CVSS | 6.7 AI score | 0.00161 EPSS
Exploits 0 | References 3
CVE
added 2024/09/10 2:45 p.m. | 326 views

CVE-2024-43799

CVE-2024-43799 is a vulnerability in the Send library used to stream files as HTTP responses. The issue occurs because untrusted input is passed to SendStream.redirect(), which can cause execution of untrusted code. The description notes this leads to code execution and that the fix is in send 0....

5 CVSS | 5.7 AI score | 0.00161 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/09/10 2:45 p.m. | 20 views

CVE-2024-43799 send vulnerable to template injection that can lead to XSS

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5 CVSS | 6.7 AI score | 0.00161 EPSS
Exploits 0 | References 5
Vulnrichment
added 2024/09/10 2:45 p.m. | 27 views

CVE-2024-43799 send vulnerable to template injection that can lead to XSS

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5 CVSS | 7 AI score | 0.00161 EPSS
Exploits 0 | References 2
Debian CVE
added 2024/09/10 2:45 p.m. | 12 views

CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5 CVSS | 6.5 AI score | 0.00161 EPSS
Exploits 0
CNNVD
added 2024/09/10 12:0 a.m. | 1 views

send cross-site scripting vulnerability

send is a pillarjs open source library for streaming files from the file system as http responses. A cross-site scripting vulnerability exists in send versions prior to 0.19.0 that stems from passing untrusted user input to SendStream.redirect to execute untrusted code...

5 CVSS | 6.6 AI score | 0.00161 EPSS
Exploits 0 | References 4
OSV
added 2017/10/24 6:33 p.m. | 0 views

GHSA-XWG4-93C6-3H42 Directory Traversal in send

Versions 0.8.3 and earlier of send are affected by a directory traversal vulnerability. When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example,...

7.5 CVSS | 5.8 AI score | 0.04842 EPSS
Exploits 1 | References 18
OSV
added 2017/10/24 6:33 p.m. | 0 views

GHSA-JGQF-HWC5-HH37 Root Path Disclosure in send

Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation Update to version 0.11.1 or later...

5.3 CVSS | 7.1 AI score | 0.00603 EPSS
Exploits 0 | References 7
OSV
added 2017/01/23 9:59 p.m. | 0 views

UBUNTU-CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

5.3 CVSS | 7.2 AI score | 0.00603 EPSS
Exploits 0 | References 4