22 matches found
Security Bulletin: A vulnerability in the Send library affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the Send library affects IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in send-0.18.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of send-0.18.0.tgz Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for...
Debian: Security Advisory (DLA-4224-1)
The remote host is missing an update for the Debian...
Linux Distros Unpatched Vulnerability : CVE-2024-43799
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted...
Security Bulletin: Vulnerability in pillarjs send affects watsonx.data
Summary pillarjs send is vulnerable to cross-site scripting, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...
Security Bulletin: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800 CVE-2024-43799 CVE-2024-6119.
Summary IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800, CVE-2024-43799 and CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused ...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43799)
Summary There is a vulnerability in pillarjs send used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site...
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update
An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in send-0.18.0.tgz
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of send-0.18.0.tgz Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-43799)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43799 advisory. - Send is a library for streaming files from the file system as a http response. Send passes untrusted user...
01-numacert (>=1.0.0 <=3.0.0), 02-infrastructure (=1.0.0) +24613 more potentially affected by CVE-2024-43799 via send (>=0.0.1 <=0.18.0)
send NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.3, =0.1.0, =0.3.5 and more Source cves: CVE-2024-43799 Source advisory: OSV:GHSA-M6FV-JMCG-4JFG...
CVE-2024-43799
creationtimestamp | type | source
---|---|---
2024-09-10 18:25:09+00:00 | seen | https://t.me/cvedetector/5242...
CVE-2024-43799
A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect function. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
AZL-49123 CVE-2024-43799 affecting package reaper for versions less than 3.1.1-13
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...
CVE-2024-43799 vulnerabilities
Vulnerabilities for packages: sqlpad, thingsboard, kubeflow-pipelines, kubeflow-centraldashboard, argo-workflows...
CVE-2024-43799
CVE-2024-43799 is a vulnerability in the Send library used to stream files as HTTP responses. The issue occurs because untrusted input is passed to SendStream.redirect(), which can cause execution of untrusted code. The description notes this leads to code execution and that the fix is in send 0....
CVE-2024-43799 send vulnerable to template injection that can lead to XSS
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...