{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-6394", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using \"public-restricted\" under a \"public\" directory." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "[oss-security] 20140924 CVE request: various NodeJS module vulnerabilities", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2014/09/24/1" }, { "name" : "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2014/09/30/10" }, { "name" : "https://github.com/visionmedia/send/pull/59", "refsource" : "MISC", "url" : "https://github.com/visionmedia/send/pull/59" }, { "name" : "https://nodesecurity.io/advisories/send-directory-traversal", "refsource" : "MISC", "url" : "https://nodesecurity.io/advisories/send-directory-traversal" }, { "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146063", "refsource" : "CONFIRM", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146063" }, { "name" : "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a", "refsource" : "CONFIRM", "url" : "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a" }, { "name" : "https://support.apple.com/HT205217", "refsource" : "CONFIRM", "url" : "https://support.apple.com/HT205217" }, { "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263", "refsource" : "CONFIRM", "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263" }, { "name" : "APPLE-SA-2015-09-16-2", "refsource" : "APPLE", "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "name" : "FEDORA-2014-11289", "refsource" : "FEDORA", "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html" }, { "name" : "FEDORA-2014-11421", "refsource" : "FEDORA", "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html" }, { "name" : "FEDORA-2014-11495", "refsource" : "FEDORA", "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html" }, { "name" : "70100", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/70100" }, { "name" : "62170", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/62170" }, { "name" : "nodejs-cve20146394-dir-traversal(96727)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96727" } ] } }