stable

nodejs-send-0.3.0-4.fc21

FEDORA-2014-11289 created by patches 10 years ago for Fedora 21

When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example, static(_dirname + '/public') would allow access to _dirname + '/public-restricted'.

https://nodesecurity.io/advisories/send-directory-traversal

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2014-11289

This update has been submitted for testing by patches.

10 years ago

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1ha73 (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1ha79 (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

This update has been submitted for stable by patches.

10 years ago

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1he94 (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
BZ#1146063 CVE-2014-6394 nodejs-send: directory traversal vulnerability
0
0
BZ#1146064 nodejs-send: directory traversal vulnerability [fedora-all]
0
0

Automated Test Results