Description

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

INFO

Published Date :

2024-09-10T14:45:06.761Z

Last Modified :

2025-11-03T19:30:41.760Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43799 vulnerability.

Vendors Products
Redhat
  • Discovery
  • Network Observ Optr
  • Openshift
  • Openshift Data Foundation
  • Openshift Distributed Tracing
  • Openshift Gitops
  • Openshift Serverless
  • Rhboac Hawtio
  • Rhmt
  • Service Mesh
Send Project
  • Send
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43799.

URL Resource
https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 cve-icon cve-icon cve-icon
https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/06/msg00022.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-43799 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-43799 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact