serve-static serves static files. In serve-static, passing untrusted user input, even after sanitizing it, to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
References
Configurations
History
20 Sep 2024, 17:36
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 4.7 |
Summary | | |
CPE | cpe:2.3:a:openjsf:serve-static:*:*:*:*:*:node.js:*:* | |
First Time | Openjsf, Openjsf serve-static | |
References | () https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b - Patch | |
References | () https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa - Patch | |
References | () https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p - Vendor Advisory |
10 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-09-10 15:15
Updated : 2024-09-20 17:36
NVD link : CVE-2024-43800
Mitre link : CVE-2024-43800
CVE.ORG link : CVE-2024-43800
Products Affected
openjsf
- serve-static
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')