CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
21.3%
passing untrusted user input - even after sanitizing it - to redirect()
may execute untrusted code
this issue is patched in serve-static 1.16.0
users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist
successful exploitation of this vector requires the following:
github.com/expressjs/serve-static
github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
nvd.nist.gov/vuln/detail/CVE-2024-43800
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
21.3%