CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43799 – send vulnerable to template injection that can lead to XSS
https://notcve.org/view.php?id=CVE-2024-43799
10 Sep 2024 — Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. Send es una librería para transmitir archivos desde el sistema de archivos como una respuesta http. Send pasa la entrada de usuario no confiable a SendStream.redirect(), que ejecuta código no confiable. • https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8859
https://notcve.org/view.php?id=CVE-2015-8859
23 Jan 2017 — The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. El paquete send en versiones anteriores a 0.11.1 para Node.js permite a atacantes obter la ruta de root a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/04/20/11 •