PT-2014-7207 · Visionmedia · Send

Ilya Kantor · Published 2014-10-08 · Updated 2018-10-09 · CVE-2014-6394

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: visionmedia send versions prior to 0.8.4

Description: The issue allows remote attackers to access restricted directories due to a partial comparison used for verifying whether a directory is within the document root. This can be demonstrated by accessing a "public-restricted" directory under a "public" directory.

Recommendations: Update to version 0.8.4 or later. As a temporary workaround, consider restricting access to directories that could be accessed through the vulnerable comparison.
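
The partial comparison described above, shown beside a separator-aware containment check. This is an added example, not code from the send project or from this advisory; the root path, function names and sample requests are constructed for illustration.

```javascript
// Added example: a string-prefix containment check versus a separator-aware one.
// ROOT, the function names and SAMPLE are assumptions, not taken from send.
const path = require('path').posix; // POSIX rules so results match on any platform

const ROOT = '/srv/app/public'; // assumed document root

// Partial comparison: accepts any resolved path that merely begins with the
// root string, so a sibling such as "/srv/app/public-restricted" also passes.
function isInsideRootPrefix(root, requestPath) {
  const resolved = path.join(root, requestPath); // join() also normalizes ".."
  return resolved.indexOf(root) === 0;
}

// Separator-aware comparison: the resolved path must be the root itself or
// begin with the root followed by a path separator.
function isInsideRootStrict(root, requestPath) {
  const base = path.resolve(root); // drops any trailing slash
  const resolved = path.join(base, requestPath);
  return resolved === base || resolved.startsWith(base + path.sep);
}

// Run both checks over a list of requested paths for side-by-side review.
function compare(root, requests) {
  return requests.map((request) => ({
    request,
    prefix: isInsideRootPrefix(root, request),
    strict: isInsideRootStrict(root, request),
  }));
}

// Constructed sample requests, relative to the document root.
const SAMPLE = [
  'index.html',
  'css/../index.html',
  '../public-restricted/secret.txt', // sibling directory sharing the prefix
  '../../etc/passwd',
];

console.table(compare(ROOT, SAMPLE));
```

Only the third sample row differs between the two columns: the prefix check accepts the sibling directory, the separator-aware check rejects it.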

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2014-6394
GHSA-PGV6-JRVV-75JP
GHSA-XWG4-93C6-3H42

Affected Products

Send