Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-6394

Published: 08/10/2014 Updated: 08/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Fedora

Vulnerability Summary

visionmedia send prior to 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote malicious users to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 21

fedoraproject fedora 20

fedoraproject fedora 19

apple xcode 7.0

joyent node.js

joyent node.js 0.8.2

joyent node.js 0.8.1

joyent node.js 0.8.0

Vendor Advisories

Red Hat: CVE-2014-6394
visionmedia send before 084 for Nodejs uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory ...

Github Repositories

https://github.com/ragle/searchlight

Node.js middleware for creating applications that find VIVO profiles relevant to content in the user's browser.

searchlight Nodejs middleware for creating applications that find VIVO profiles relevant to content in the user's browser ##About To learn more about searchlight and how it's been used - check out our about page ##Documentation ###Installation Install nodejs version 0126 $ git clone gitgithubcom/ragle/searchlight $ cd searchlight $ npm install ###Quic

References

CWE-22https://github.com/visionmedia/send/pull/59http://www.openwall.com/lists/oss-security/2014/09/24/1http://www.securityfocus.com/bid/70100http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.htmlhttps://nodesecurity.io/advisories/send-directory-traversalhttps://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9ahttps://bugzilla.redhat.com/show_bug.cgi?id=1146063http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.htmlhttp://www.openwall.com/lists/oss-security/2014/09/30/10http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlhttps://support.apple.com/HT205217http://www-01.ibm.com/support/docview.wss?uid=swg21687263http://secunia.com/advisories/62170https://exchange.xforce.ibmcloud.com/vulnerabilities/96727https://nvd.nist.govhttps://github.com/ragle/searchlighthttps://access.redhat.com/security/cve/cve-2014-6394
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook