Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2015-8859
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
| Software | From | Fixed in |
|---|---|---|
send
|
- | 0.11.1 |
| send_project / send | - | 0.11.1 |
- http://www.openwall.com/lists/oss-security/2016/04/20/11
- http://www.securityfocus.com/bid/96435
- https://github.com/expressjs/serve-static/blob/master/HISTORY.md#181--2015-01-20
- https://github.com/pillarjs/send/commit/98a5b89982b38e79db684177cf94730ce7fc7aed
- https://github.com/pillarjs/send/pull/70
- https://nodesecurity.io/advisories/56
- https://www.npmjs.com/advisories/56