Lucene search
HistorySep 10, 2024 - 3:15 p.m.
CVE-2024-43796
cve-2024-43796
express.js
web framework
untrusted input
response.redirect()
code execution
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
Affected configurations
Node
openjsfexpressRange<4.20.0node.js
ORopenjsfexpressMatch5.0.0alpha1node.js
ORopenjsfexpressMatch5.0.0alpha2node.js
ORopenjsfexpressMatch5.0.0alpha3node.js
ORopenjsfexpressMatch5.0.0alpha4node.js
ORopenjsfexpressMatch5.0.0alpha5node.js
ORopenjsfexpressMatch5.0.0alpha6node.js
ORopenjsfexpressMatch5.0.0alpha7node.js
ORopenjsfexpressMatch5.0.0alpha8node.js
ORopenjsfexpressMatch5.0.0beta1node.js
ORopenjsfexpressMatch5.0.0beta2node.js
ORopenjsfexpressMatch5.0.0beta3node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openjsf | express | * | cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha1:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha2:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha3:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha4:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha5:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha6:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha7:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:alpha8:*:*:*:node.js:*:* |
| openjsf | express | 5.0.0 | cpe:2.3:a:openjsf:express:5.0.0:beta1:*:*:*:node.js:*:* |
Related
osv
osv
express vulnerable to XSS via response.redirect()
2024-09-10 19:41:04
CGA-jq8v-jx6x-3fpc
2024-09-25 05:27:38
UBUNTU-CVE-2024-43796
2024-09-10 15:15:00
debiancve
debiancve
CVE-2024-43796
2024-09-10 15:15:17
vulnrichment
vulnrichment
CVE-2024-43796 express vulnerable to XSS via response.redirect()
2024-09-10 14:36:27
redhatcve
redhatcve
CVE-2024-43796
2024-09-10 16:13:22
github
github
express vulnerable to XSS via response.redirect()
2024-09-10 19:41:04
cve
cve
CVE-2024-43796
2024-09-10 15:15:17
cvelist
cvelist
CVE-2024-43796 express vulnerable to XSS via response.redirect()
2024-09-10 14:36:27
wolfi
wolfi
CVE-2024-43796 vulnerabilities
2024-09-29 03:35:17
ibm
ibm
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-37f95ce86b)
2024-09-18 00:00:00
Fedora: Security Advisory (FEDORA-2024-0a4a65f805)
2024-09-16 00:00:00
nessus
nessus
Fedora 40 : chromium (2024-0a4a65f805)
2024-09-14 00:00:00
Fedora 39 : chromium (2024-37f95ce86b)
2024-09-18 00:00:00
fedora
fedora
[SECURITY] Fedora 41 Update: chromium-128.0.6613.137-1.fc41
2024-09-18 01:54:49
[SECURITY] Fedora 40 Update: chromium-128.0.6613.137-1.fc40
2024-09-14 02:02:05
[SECURITY] Fedora 39 Update: chromium-128.0.6613.137-1.fc39
2024-09-18 03:35:32
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2024-43796