PT-2024-30667 · Send+1

Adamkorcz · Published 2024-09-10 · Updated 2025-06-23 · CVE-2024-43799

CVSS v3.1: 5.0 Medium
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
Send versions prior to 0.19.0

Description
The issue arises from passing untrusted user input to SendStream.redirect(), which can execute untrusted code. This occurs even when the input is sanitized. The library Send is used for streaming files from the file system as an HTTP response.

Recommendations
For versions prior to 0.19.0, update to version 0.19.0 to patch the issue. As a temporary workaround, ensure any untrusted inputs are safe by validating them against an explicit allowlist.
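
One way to apply the allowlist workaround before a request path reaches Send, shown as an added example that is not code from the Send project or from this advisory. The names `checkRequestPath` and `ALLOWED_PATHS`, the permitted character set and the sample paths are assumptions made for illustration.

```javascript
// Constructed allowlist: the only paths this hypothetical app will hand to Send.
const ALLOWED_PATHS = new Set(['/index.html', '/docs', '/docs/', '/docs/guide.html']);

// Conservative character set for a decoded path; anything else is rejected
// outright rather than escaped or "cleaned".
const SAFE_PATH = /^\/[A-Za-z0-9._\/-]*$/;

// Returns the canonical path when it is allowlisted, otherwise null.
function checkRequestPath(rawPath, allowed = ALLOWED_PATHS) {
  if (typeof rawPath !== 'string' || rawPath.length > 1024) return null;

  let decoded;
  try {
    decoded = decodeURIComponent(rawPath); // decode exactly once
  } catch {
    return null; // malformed percent-encoding
  }

  // '%' is outside SAFE_PATH, so double-encoded input fails here too.
  if (!SAFE_PATH.test(decoded)) return null;

  // Refuse paths that only match the allowlist after normalization.
  if (decoded.includes('//')) return null;
  if (decoded.split('/').some((seg) => seg === '.' || seg === '..')) return null;

  // Exact match only: no prefix or pattern matching against the allowlist.
  return allowed.has(decoded) ? decoded : null;
}

// Caller sketch (hypothetical handler): answer 404 on null and pass only the
// returned value to Send, never the raw request path.
```

The check rejects instead of sanitizing, in line with the description's note that the issue occurs even when the input is sanitized; updating to 0.19.0 remains the fix.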

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

AZL-49088
AZL-49123
AZL-49164
CVE-2024-43799
DLA-4224-1
GHSA-M6FV-JMCG-4JFG

Affected Products

Debian
Send