The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
5.3CVSS
5.1AI Score
0.001EPSS
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
5CVSS
5AI Score
0.0005EPSS