Lucene search
HistorySep 10, 2024 - 3:15 p.m.
CVE-2024-43799
send library
vulnerability
patched
version 0.19.0
untrusted code
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
Affected configurations
Node
send_projectsendRange<0.19.0node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| send_project | send | * | cpe:2.3:a:send_project:send:*:*:*:*:*:node.js:*:* |
Related
redhatcve
redhatcve
CVE-2024-43799
2024-09-10 16:44:20
osv
osv
UBUNTU-CVE-2024-43799
2024-09-10 15:15:00
send vulnerable to template injection that can lead to XSS
2024-09-10 19:42:41
CGA-9cw3-8w4j-827w
2024-09-16 12:20:24
github
github
send vulnerable to template injection that can lead to XSS
2024-09-10 19:42:41
vulnrichment
vulnrichment
CVE-2024-43799 send vulnerable to template injection that can lead to XSS
2024-09-10 14:45:06
debiancve
debiancve
CVE-2024-43799
2024-09-10 15:15:17
wolfi
wolfi
CVE-2024-43799 vulnerabilities
2024-09-29 03:35:17
cvelist
cvelist
CVE-2024-43799 send vulnerable to template injection that can lead to XSS
2024-09-10 14:45:06
cve
cve
CVE-2024-43799
2024-09-10 15:15:17
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2024-43799