GHSA-pgv6-jrvv-75jp

Source

https://github.com/advisories/GHSA-pgv6-jrvv-75jp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-pgv6-jrvv-75jp/GHSA-pgv6-jrvv-75jp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pgv6-jrvv-75jp

Withdrawn

2020-06-16T21:49:08Z

Published

2018-10-09T00:34:30Z

Modified

2020-06-16T22:04:41Z

Summary

Moderate severity vulnerability that affects send

Details

Withdrawn, accidental duplicate publish.

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:49:08Z",
    "nvd_published_at": null,
    "severity": "MODERATE",
    "cwe_ids": []
}

References

Affected packages

npm / send

Package

Name: send; View open source insights on deps.dev
Purl: pkg:npm/send

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-pgv6-jrvv-75jp/GHSA-pgv6-jrvv-75jp.json"