CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
17.7%
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | node-send | <= 0.18.0+~cs1.19.1-3 | node-send_0.18.0+~cs1.19.1-3_all.deb |
Debian | 11 | all | node-send | <= 0.17.1-2 | node-send_0.17.1-2_all.deb |
Debian | 999 | all | node-send | <= 1.1.0+~cs1.19.4-2 | node-send_1.1.0+~cs1.19.4-2_all.deb |
Debian | 13 | all | node-send | <= 1.1.0+~cs1.19.4-2 | node-send_1.1.0+~cs1.19.4-2_all.deb |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
17.7%