CVE-2024-43796

CVE-2024-43796

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

Published Sep 11, 2024

https://github.com/advisories/GHSA-qw6h-vgh9-j6wx

CVSS ScoreMedium

4.7

Vulnerabilities

CVE-2024-43796

Published Sep 11, 2024

https://github.com/advisories/GHSA-qw6h-vgh9-j6wx

CVSS ScoreMedium

4.7

CVE-2024-43796 Security Details

CVE ID: CVE-2024-43796
CWE: CWE-79
CVE Description: Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
Published: Sep 11, 2024
CVSS Score & Severity: 4.7Medium
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score: 0.120%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://github.com/advisories/GHSA-qw6h-vgh9-j6wxTHIRD_PARTY

CVE-2024-43796 Security Details

CVE ID: CVE-2024-43796
CWE: CWE-79
CVE Description: Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
Published: Sep 11, 2024
CVSS Score & Severity: 4.7Medium
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score: 0.120%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://github.com/advisories/GHSA-qw6h-vgh9-j6wxTHIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2024-43796

CVE-2024-43796 Security Details

CVE-2024-43796 Security Details