
Ilya Kantor

#37440 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2014-7207
7.5
2014-10-08
Visionmedia · Send · CVE-2014-6394
**Name of the Vulnerable Software and Affected Versions**
visionmedia send versions prior to 0.8.4

**Description**
The issue allows remote attackers to access restricted directories due to a partial comparison used for verifying whether a directory is within the document root. This can be demonstrated by accessing a "public-restricted" directory under a "public" directory.

**Recommendations**
Update to version 0.8.4 or later. As a temporary workaround, consider restricting access to directories that could be accessed through the vulnerable comparison.
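
The partial comparison described above, set beside a check that requires the match to end on a directory boundary. This is an added example, not code from the send project; the function names, the root `/srv/app/public` and the request paths are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not code from the send project.
const path = require("path").posix;

// Constructed sample root (assumption). A sibling directory named
// "public-restricted" shares its leading characters.
const ROOT = "/srv/app/public";

// Resolve a request path against the root, collapsing "." and ".." segments.
function resolveRequest(root, requestPath) {
  return path.normalize(path.join(root, requestPath));
}

// Vulnerable form: partial (string-prefix) comparison against the root.
function isInsideRootPartial(root, requestPath) {
  const resolved = resolveRequest(root, requestPath);
  return resolved.startsWith(path.normalize(root));
}

// Hardened form: the prefix must be the root plus a trailing separator, so the
// match ends on a directory boundary; the root itself is also accepted.
function isInsideRootStrict(root, requestPath) {
  const base = path.normalize(root).replace(/\/+$/, "");
  const resolved = resolveRequest(root, requestPath);
  return resolved === base || resolved.startsWith(base + path.sep);
}

// Constructed request paths, each labelled with the case it exercises.
const samples = [
  "/index.html",                      // ordinary file under the root
  "/../public-restricted/secret.txt", // sibling sharing the root's prefix
  "/../private/secret.txt",           // sibling with an unrelated name
  "/css/../index.html",               // ".." that stays inside the root
];

// Run both checks over every sample so the disagreement is visible.
function compareChecks(root, requests) {
  return requests.map((req) => ({
    request: req,
    resolved: resolveRequest(root, req),
    partial: isInsideRootPartial(root, req),
    strict: isInsideRootStrict(root, req),
  }));
}

console.table(compareChecks(ROOT, samples));
```

The two checks disagree only on the `public-restricted` sample, which makes that path a useful regression test for any "is this file inside the root" helper.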