Description
Express.js is a minimalist web framework for Node.js. In express < 4.20.0, passing untrusted user input, even after sanitizing it, to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 4.21.0+~cs8.36.26-2 |
| esm-apps/bionic | released | 4.1.1~dfsg-1ubuntu0.18.04.1~esm1 |
| esm-apps/focal | released | 4.17.1-2ubuntu0.1~esm1 |
| esm-apps/jammy | released | 4.17.3+~4.17.13-1ubuntu0.1~esm1 |
| esm-apps/noble | released | 4.19.2+~cs8.36.21-1ubuntu0.1~esm1 |
| esm-apps/xenial | released | 4.1.1~dfsg-1ubuntu0.16.04.1~esm1 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needed | |
| noble | needed | |
| oracular | released | 4.19.2+~cs8.36.26-1ubuntu0.1 |
EPSS
CVSS3: 5 Medium
Related vulnerabilities
express vulnerable to XSS via response.redirect()