Lucene search
HistorySep 10, 2024 - 3:15 p.m.
CVE-2024-43800
serve-static
untrusted user input
redirect
execute untrusted code
patched
version 1.16.0
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.3%
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Affected configurations
Node
openjsfserve-staticRange<1.16.0node.js
ORopenjsfserve-staticRange2.0.0–2.1.0node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openjsf | serve-static | * | cpe:2.3:a:openjsf:serve-static:*:*:*:*:*:node.js:*:* |
Related
cvelist
cvelist
vulnrichment
vulnrichment
osv
osv
CGA-wq6m-hw6r-4r4g
2024-09-25 05:37:21
CGA-6mjq-8vxm-wf5h
2024-09-25 05:14:35
serve-static vulnerable to template injection that can lead to XSS
2024-09-10 19:42:33
github
github
serve-static vulnerable to template injection that can lead to XSS
2024-09-10 19:42:33
cve
cve
CVE-2024-43800
2024-09-10 15:15:17
redhatcve
redhatcve
CVE-2024-43800
2024-09-10 17:43:42
debiancve
debiancve
CVE-2024-43800
2024-09-10 15:15:17
wolfi
wolfi
CVE-2024-43800 vulnerabilities
2024-09-29 03:35:17
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.3%
Related for NVD:CVE-2024-43800