Candidate: CVE-2015-8859
PublicDate: 2017-01-23 21:59:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8859
 http://www.openwall.com/lists/oss-security/2016/04/20/11
 https://nodesecurity.io/advisories/56
Description:
 The send package before 0.11.1 for Node.js allows attackers to obtain the
 root path via unspecified vectors.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_node-send:
 upstream: https://github.com/pillarjs/send/commit/98a5b89982b38e79db684177cf94730ce7fc7aed
upstream_node-send: released (0.11.1)
precise_node-send: DNE
precise/esm_node-send: DNE
trusty_node-send: ignored (reached end-of-life)
trusty/esm_node-send: DNE (trusty was needed)
vivid/stable-phone-overlay_node-send: DNE
vivid/ubuntu-core_node-send: DNE
wily_node-send: ignored (reached end-of-life)
xenial_node-send: ignored (end of standard support, was needed)
yakkety_node-send: ignored (reached end-of-life)
zesty_node-send: ignored (reached end-of-life)
artful_node-send: ignored (reached end-of-life)
bionic_node-send: needed
cosmic_node-send: ignored (reached end-of-life)
disco_node-send: not-affected (0.16.2-1)
eoan_node-send: not-affected (0.16.2-1)
focal_node-send: not-affected (0.16.2-1)
groovy_node-send: not-affected (0.16.2-1)
hirsute_node-send: not-affected (0.16.2-1)
impish_node-send: not-affected (0.16.2-1)
jammy_node-send: not-affected (0.16.2-1)
devel_node-send: not-affected (0.16.2-1)