CVE Database · CVE-2014-6394
CVSS v3.1: N/A
EPSS: 4.26%
Published: Oct 8, 2014
Modified: May 6, 2026
Public PoC / Exploit (1)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
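The partial comparison described above, shown beside a segment-aware check, as an added illustration that is not send's own code. The function names, the `/srv/public` root and the sample request paths are assumptions constructed for this example.

```javascript
const path = require('path');

// Constructed document root (assumption for this example).
const ROOT = '/srv/public';

// Weak check: treats the root as a plain string prefix, so a sibling
// directory whose name merely starts with "public" also passes.
function isInsideRootPrefix(root, requestPath) {
  const resolved = path.posix.join(root, requestPath);
  return resolved.startsWith(root);
}

// Corrected check: compare on path-segment boundaries. The resolved path
// must be the root itself or a descendant, i.e. the relative path from the
// root must not climb out through "..".
function isInsideRoot(root, requestPath) {
  const base = path.posix.resolve(root); // drops any trailing slash
  const resolved = path.posix.join(base, requestPath);
  const rel = path.posix.relative(base, resolved);
  return rel === '' || (rel !== '..' && !rel.startsWith('../'));
}

// Constructed request paths (not taken from any real log).
const SAMPLES = [
  'index.html',
  'css/../index.html',
  '../public-restricted/secret.txt',
  '../../etc/passwd',
];

// Paths the weak check accepts but the corrected check rejects.
function disagreements(root, samples) {
  return samples.filter(
    (p) => isInsideRootPrefix(root, p) && !isInsideRoot(root, p)
  );
}

console.log(disagreements(ROOT, SAMPLES));
```

Running `disagreements` over request logs or test fixtures is a quick way to confirm that a root-containment check rejects sibling directories sharing the root's name prefix.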
Weaknesses (CWE)
Affected Products (8)
References (20)