Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-43796

Опубликовано: 10 сент. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5

Описание

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

РелизСтатусПримечание
devel

not-affected

4.21.0+~cs8.36.26-2
esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

noble

needs-triage

oracular

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 14%
0.00045
Низкий

5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-43796

CVSS3: 5
redhat
9 месяцев назад

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

nvd логотип

CVE-2024-43796

CVSS3: 5
nvd
9 месяцев назад

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

msrc логотип

CVE-2024-43796

CVSS3: 4.7
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-43796

CVSS3: 5
debian
9 месяцев назад

Express.js minimalist web framework for node. In express < 4.20.0, pas ...

github логотип

GHSA-qw6h-vgh9-j6wx

CVSS3: 5
github
9 месяцев назад

express vulnerable to XSS via response.redirect()

EPSS

Процентиль: 14%
0.00045
Низкий

5 Medium

CVSS3