Candidate: CVE-2014-6394
PublicDate: 2014-10-08 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394
 https://nodesecurity.io/advisories/send-directory-traversal
Description:
 visionmedia send before 0.8.4 for Node.js uses a partial comparison for
 verifying whether a directory is within the document root, which allows
 remote attackers to access restricted directories, as demonstrated using
 "public-restricted" under a "public" directory.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_node-send:
upstream_node-send: needs-triage
lucid_node-send: DNE
precise_node-send: DNE
precise/esm_node-send: DNE
trusty_node-send: ignored (reached end-of-life)
trusty/esm_node-send: DNE (trusty was needs-triage)
utopic_node-send: ignored (reached end-of-life)
vivid_node-send: ignored (reached end-of-life)
vivid/stable-phone-overlay_node-send: DNE
vivid/ubuntu-core_node-send: DNE
wily_node-send: ignored (reached end-of-life)
xenial_node-send: released (0.9.4-1)
yakkety_node-send: ignored (reached end-of-life)
zesty_node-send: ignored (reached end-of-life)
artful_node-send: ignored (reached end-of-life)
bionic_node-send: released (0.9.4-1)
cosmic_node-send: released (0.9.4-1)
disco_node-send: not-affected (0.9.4-1)
devel_node-send: not-affected (0.9.4-1)