Количество 5
Количество 5
CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.
CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.
CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.
CVE-2024-10491
A vulnerability has been identified in the Express response.linksfunct ...
GHSA-cm5g-3pgc-8rg4
Express ressource injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-10491 A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
 | CVE-2024-10491 A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. | CVSS3: 5.4 | 0% Низкий | 8 месяцев назад |
 | CVE-2024-10491 A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
| CVE-2024-10491 A vulnerability has been identified in the Express response.linksfunct ... | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
| GHSA-cm5g-3pgc-8rg4 Express ressource injection | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
Уязвимостей на страницу