Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-10491

Опубликовано: 29 окт. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4

Описание

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and <> to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.

РелизСтатусПримечание
devel

not-affected

esm-apps/bionic

not-affected

esm-apps/focal

not-affected

esm-apps/jammy

not-affected

esm-apps/noble

not-affected

esm-apps/xenial

not-affected

4.1.1~dfsg-1
focal

ignored

end of standard support, was needs-triage
jammy

not-affected

noble

not-affected

oracular

not-affected

Показывать по

EPSS

Процентиль: 18%
0.00057
Низкий

4 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.4
redhat
9 месяцев назад

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.

CVSS3: 4
nvd
9 месяцев назад

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.

CVSS3: 4
debian
9 месяцев назад

A vulnerability has been identified in the Express response.linksfunct ...

CVSS3: 4
github
9 месяцев назад

Express ressource injection

EPSS

Процентиль: 18%
0.00057
Низкий

4 Medium

CVSS3