VDB
CISA-2024-43796
CISA-2024-43796
PUBLISHED
CVSS 5 MEDIUM
Reported by GitHub_M · Published September 10, 2024
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
Risk Scores
CVSS 3.1
5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| expressjs | express | < 4.20.0, >= 5.0.0-alpha.1, < 5.0.0 |
| expressjs | express | *, *, < 4.20.0 |
Timeline
- Sep 10, 2024 CVE Published
- Sep 10, 2024 CVE Updated