Description
Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to SendStream.redirect(), which executes untrusted code. This issue is patched in send 0.19.0.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-send | fixed | 1.1.0+~cs1.19.4-1 | | package |
| node-send | fixed | 0.18.0+~cs1.19.1-3+deb12u1 | bookworm | package |
Notes
https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 (0.19.0)
Related vulnerabilities
send vulnerable to template injection that can lead to XSS