Vulnerability Monitor


CVE-2024-43796


Express.js is a minimalist web framework for Node.js. In express < 4.20.0, passing untrusted user input, even after sanitizing it, to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.


Published: 2024-09-10T15:15:17.510
Last Modified: 2024-09-20T16:07:47.997
Status: Analyzed
Source: [email protected]
Severity: CVSSv3.1: 5.0 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | openjsf | express | < 4.20.0 | Yes
Application | openjsf | express | 5.0.0 | Yes

References