Severity: low

Root Path Disclosure

send

Overview

Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem.

Remediation

Update to version 0.11.1 or later.

Advisory timeline

  1. published

    Advisory published
    Nov 3rd, 2015
  2. reported

    Nov 3rd, 2015