Root Path Disclosure

Module: send

Published: November 3rd, 2015

Reported by: Dinis Cruz

CVE-2015-8859

CWE-

Vulnerable: <0.11.1
Patched: >=0.11.1

Overview

The send module < 0.11.1 discloses the root path.

Remediation

Upgrade to send version 0.11.1 or greater.

References

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo