npm

Severity: low

Root Path Disclosure

send

Overview

Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem.

Remediation

Update to version 0.11.1 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Nov 3rd, 2015
  2. reported

    Initial report by Dinis Cruz
    Nov 3rd, 2015