CVE-2014-6394
published 2014-10-08
CVE-2014-6394: visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote…
Priority P3 · 44 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
4.26%
89.7th percentile
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | xcode | — | — |
| apple | xcode | — | — |
| debian | node-send | < node-send 0.9.4-1 (bookworm) | node-send 0.9.4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| joyent | node.js | <= 0.8.3 | — |
| joyent | node.js | — | — |
| joyent | node.js | — | — |
| joyent | node.js | — | — |
| send_project | send | >= 0 < 0.8.4 | 0.8.4 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
OSV
Directory Traversal in send
osv·2017-10-24
CVE-2014-6394 [LOW] Directory Traversal in send
Versions 0.8.3 and earlier of `send` are affected by a directory traversal vulnerability. When relying on the root option to restrict file access, it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory.
For example, `static(__dirname + '/public')` would allow access to `__dirname + '/public-restricted'`.
## Recommendation
Update to version 0.8.4 or later.
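The partial comparison described above, set beside a separator-aware check, as an added example for regression testing; this is not code from the send project, and the function names, root path and request paths are constructed for illustration.

```javascript
// Added example: not code from the send project. Function names, the sample
// root and the request paths are constructed for illustration.
const path = require('path').posix; // POSIX rules so results match on any OS

const ROOT = '/srv/app/public'; // constructed document root

// Partial comparison (CWE-187): a resolved path counts as "inside" whenever
// it begins with the root string, so sibling names sharing the prefix pass.
function insideRootPrefix(root, requestPath) {
  const resolved = path.join(root, requestPath); // join also normalizes ".."
  return resolved.indexOf(root) === 0;
}

// Complete comparison: the resolved path must be the root itself or continue
// with a path separator directly after the root.
function insideRootStrict(root, requestPath) {
  const base = path.resolve(root);
  const resolved = path.resolve(base, '.' + path.sep + requestPath);
  return resolved === base || resolved.startsWith(base + path.sep);
}

// Positive and negative test cases (constructed), including the sibling
// directory named in the advisory.
const SAMPLES = [
  '/index.html',
  '/css/../index.html',
  '/',
  '/../public-restricted/secret.txt',
  '/../../outside/file.txt',
];

// Run both checks over the samples and report each verdict.
function compareChecks(root, samples) {
  return samples.map((p) => ({
    requestPath: p,
    prefix: insideRootPrefix(root, p),
    strict: insideRootStrict(root, p),
  }));
}

// Paths the partial comparison accepts but the complete one rejects.
function disagreements(root, samples) {
  return compareChecks(root, samples)
    .filter((r) => r.prefix !== r.strict)
    .map((r) => r.requestPath);
}

console.table(compareChecks(ROOT, SAMPLES));
```

Only the sibling-directory path is accepted by the prefix check and rejected by the strict one; a path that climbs fully out of the tree fails both, which is why a traversal test that omits the shared-prefix case misses this bug.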
GHSA
Directory Traversal in send
ghsa·2017-10-24
CVE-2014-6394 [LOW] CWE-22 Directory Traversal in send
Versions 0.8.3 and earlier of `send` are affected by a directory traversal vulnerability. When relying on the root option to restrict file access, it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory.
For example, `static(__dirname + '/public')` would allow access to `__dirname + '/public-restricted'`.
## Recommendation
Update to version 0.8.4 or later.
OSV
CVE-2014-6394: visionmedia send before 0
osv·2014-10-08·CVSS 7.5
CVE-2014-6394 [HIGH] CVE-2014-6394: visionmedia send before 0
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
Red Hat
nodejs-send: directory traversal vulnerability
vendor_redhat·2014-09-12·CVSS 7.5
CVE-2014-6394 [HIGH] CWE-22 nodejs-send: directory traversal vulnerability
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
Package: nodejs010-nodejs-send (Red Hat OpenShift Enterprise 2) - Will not fix
Debian
CVE-2014-6394: node-send - visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifyin...
vendor_debian·2014·CVSS 7.5
CVE-2014-6394 [HIGH] CVE-2014-6394: node-send - visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifyin...
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
Scope: local
bookworm: resolved (fixed in 0.9.4-1)
bullseye: resolved (fixed in 0.9.4-1)
forky: resolved (fixed in 0.9.4-1)
sid: resolved (fixed in 0.9.4-1)
trixie: resolved (fixed in 0.9.4-1)
Apple
CVE-2014-6394: Xcode 7.0
vendor_apple·CVSS 7.5
CVE-2014-6394 [HIGH] CVE-2014-6394: Xcode 7.0
Apple Security Update: About the security content of Xcode 7.0
Product: Xcode
Version: 7.0
CVE: CVE-2014-6394
Component: CVE-ID
No detection rules found.
No public exploits indexed.
CWE
Partial String Comparison
mitre_cwe·CVSS 7.5
[HIGH] CWE-187 Partial String Comparison
CWE-187: Partial String Comparison
The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Access Control. Impact: Alter Execution Logic, Bypass Protection Mechanism.
Potential Mitigations:
[Testing] Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
Examples:
This example defines a fixed username and password. The AuthenticateUser() function is intended
CWE
Incomplete Comparison with Missing Factors
mitre_cwe
CWE-1023 Incomplete Comparison with Missing Factors
CWE-1023: Incomplete Comparison with Missing Factors
The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Access Control. Impact: Alter Execution Logic, Bypass Protection Mechanism. An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.
Potential Mitigations:
[Testing] Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
Examples:
Consider an application in which Truck objects are de
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html
http://secunia.com/advisories/62170
http://www-01.ibm.com/support/docview.wss?uid=swg21687263
http://www.openwall.com/lists/oss-security/2014/09/24/1
http://www.openwall.com/lists/oss-security/2014/09/30/10
http://www.securityfocus.com/bid/70100
https://bugzilla.redhat.com/show_bug.cgi?id=1146063
https://exchange.xforce.ibmcloud.com/vulnerabilities/96727
https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a
https://github.com/visionmedia/send/pull/59
https://nodesecurity.io/advisories/send-directory-traversal
https://support.apple.com/HT205217
Published: 2014-10-08