Lucene search
GoogleOSV:GHSA-JGQF-HWC5-HH37HistoryOct 24, 2017 - 6:33 p.m.
Root Path Disclosure in send
2017-10-2418:33:36
Google
osv.dev
11
EPSS
0.001
Percentile
49.0%
Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem.
Recommendation
Update to version 0.11.1 or later.
References
www.openwall.com/lists/oss-security/2016/04/20/11
github.com/expressjs/serve-static/blob/master/HISTORY.md#181--2015-01-20
github.com/pillarjs/send
github.com/pillarjs/send/commit/98a5b89982b38e79db684177cf94730ce7fc7aed
github.com/pillarjs/send/pull/70
nvd.nist.gov/vuln/detail/CVE-2015-8859
web.archive.org/web/20200227192016/https://www.securityfocus.com/bid/96435
Related
prion
prion
Path traversal
2017-01-23 21:59:00
cvelist
cvelist
CVE-2015-8859
2017-01-23 21:00:00
debiancve
debiancve
CVE-2015-8859
2017-01-23 21:59:00
nodejs
nodejs
Root Path Disclosure
2015-11-03 07:12:20
cve
cve
CVE-2015-8859
2017-01-23 21:59:00
ubuntucve
ubuntucve
CVE-2015-8859
2017-01-23 00:00:00
github
github
Root Path Disclosure in send
2017-10-24 18:33:36
nvd
nvd
CVE-2015-8859
2017-01-23 21:59:00