Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-43796

Опубликовано: 10 сент. 2024
Источник: ubuntu
Приоритет: medium
CVSS3: 5

Описание

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

РелизСтатусПримечание
devel

not-affected

4.21.0+~cs8.36.26-2
esm-apps/bionic

released

4.1.1~dfsg-1ubuntu0.18.04.1~esm1
esm-apps/focal

released

4.17.1-2ubuntu0.1~esm1
esm-apps/jammy

released

4.17.3+~4.17.13-1ubuntu0.1~esm1
esm-apps/noble

released

4.19.2+~cs8.36.21-1ubuntu0.1~esm1
esm-apps/xenial

released

4.1.1~dfsg-1ubuntu0.16.04.1~esm1
focal

ignored

end of standard support, was needs-triage
jammy

needed

noble

needed

oracular

released

4.19.2+~cs8.36.26-1ubuntu0.1

Показывать по

5 Medium

CVSS3

Связанные уязвимости

CVSS3: 5
redhat
11 месяцев назад

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

CVSS3: 5
nvd
11 месяцев назад

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

CVSS3: 4.7
msrc
10 месяцев назад

Описание отсутствует

CVSS3: 5
debian
11 месяцев назад

Express.js minimalist web framework for node. In express < 4.20.0, pas ...

CVSS3: 5
github
11 месяцев назад

express vulnerable to XSS via response.redirect()

5 Medium

CVSS3