Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
References
Configurations
Configuration 1 (hide)
|
History
20 Sep 2024, 16:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553 - Patch | |
References | () https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
First Time |
Openjsf express
Openjsf |
|
Summary |
|
|
CPE | cpe:2.3:a:openjsf:express:5.0.0:alpha4:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:beta2:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:alpha5:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:beta3:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:alpha2:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:alpha7:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:beta1:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:alpha8:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:alpha6:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:alpha3:*:*:*:node.js:*:* cpe:2.3:a:openjsf:express:5.0.0:alpha1:*:*:*:node.js:*:* |
10 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-10 15:15
Updated : 2024-09-20 16:07
NVD link : CVE-2024-43796
Mitre link : CVE-2024-43796
CVE.ORG link : CVE-2024-43796
JSON object : View
Products Affected
openjsf
- express
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')