Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-43796HistorySep 10, 2024 - 3:15 p.m.
CVE-2024-43796
2024-09-1015:15:17
Debian Security Bug Tracker
security-tracker.debian.org
express.js
web framework
security issue
untrusted user input
response redirect
code execution
patched
CVSS3
5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
7.2
Confidence
Low
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | node-express | <= 4.18.2+~4.17.14-1 | node-express_4.18.2+~4.17.14-1_all.deb |
| Debian | 11 | all | node-express | <= 4.17.1-3 | node-express_4.17.1-3_all.deb |
| Debian | 999 | all | node-express | < 4.21.0+~cs8.36.26-1 | node-express_4.21.0+~cs8.36.26-1_all.deb |
| Debian | 13 | all | node-express | <= 4.19.2+~cs8.36.26-1 | node-express_4.19.2+~cs8.36.26-1_all.deb |
Related
osv
osv
express vulnerable to XSS via response.redirect()
2024-09-10 19:41:04
CVE-2024-43796
2024-09-10 15:15:17
vulnrichment
vulnrichment
CVE-2024-43796 express vulnerable to XSS via response.redirect()
2024-09-10 14:36:27
nvd
nvd
CVE-2024-43796
2024-09-10 15:15:17
redhatcve
redhatcve
CVE-2024-43796
2024-09-10 16:13:22
github
github
express vulnerable to XSS via response.redirect()
2024-09-10 19:41:04
cve
cve
CVE-2024-43796
2024-09-10 15:15:17
cvelist
cvelist
CVE-2024-43796 express vulnerable to XSS via response.redirect()
2024-09-10 14:36:27
wolfi
wolfi
CVE-2024-43796 vulnerabilities
2024-09-19 21:18:36
nessus
nessus
Fedora 40 : chromium (2024-0a4a65f805)
2024-09-14 00:00:00
Fedora 39 : chromium (2024-37f95ce86b)
2024-09-18 00:00:00
fedora
fedora
[SECURITY] Fedora 41 Update: chromium-128.0.6613.137-1.fc41
2024-09-18 01:54:49
[SECURITY] Fedora 39 Update: chromium-128.0.6613.137-1.fc39
2024-09-18 03:35:32
[SECURITY] Fedora 40 Update: chromium-128.0.6613.137-1.fc40
2024-09-14 02:02:05
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-0a4a65f805)
2024-09-16 00:00:00
Fedora: Security Advisory (FEDORA-2024-37f95ce86b)
2024-09-18 00:00:00
CVSS3
5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
7.2
Confidence
Low
Related for DEBIANCVE:CVE-2024-43796