35 matches found
Security Bulletin: A vulnerability in the serve-static package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the serve-static package affects IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute...
CVE-2023-43800
Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...
com.liferay:com.liferay.dynamic.data.lists.form.web (>=1.0.0 <=2.0.14), com.liferay:com.liferay.dynamic.data.mapping.form.renderer (>=2.0.0 <=2.1.15) +17 more potentially affected by CVE-2025-43800 via com.liferay:com.liferay.dynamic.data.mapping.form.field.type (=2.0.0)
com.liferay:com.liferay.dynamic.data.mapping.form.field.type MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.dynamic.data.mapping.form.field.type and may be impacted: -...
CVE-2025-43800
creationtimestamp | type | source
---|---|---
2025-09-15 21:10:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyvpqvjvo52o...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in serve-static-1.15.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of serve-static-1.15.0.tgz Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serve...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-site Scripting (XSS) due to server-static package ( CVE-2024-43800 )
Summary Potential vulnerabilities in server-static package CVE-2024-43800 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to...
CVE-2021-43800
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special...
Security Bulletin: Vulnerability in expressjs serve-static affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs serve-static has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional...
Linux Distros Unpatched Vulnerability : CVE-2024-43800
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is...
Security Bulletin: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800 CVE-2024-43799 CVE-2024-6119.
Summary IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800, CVE-2024-43799 and CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)
Summary There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site...
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update
An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in serve-static-1.15.0.tgz
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of serve-static-1.15.0.tgz Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-43800)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43800 advisory. - serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to...
CVE-2024-43800 affecting package reaper for versions less than 3.1.1-13
CVE-2024-43800 affecting package reaper for versions less than 3.1.1-13. A patched version of the package is available...
01-numacert (>=1.0.0 <=3.0.0), 02-infrastructure (=1.0.0) +18554 more potentially affected by CVE-2024-43800 via serve-static (>=1.0.1 <=1.15.0)
serve-static NPM version =1.0.1, =1.0.0, =1.0.0, =1.0.3, =0.1.0, =0.2.0, =0.2.2 and more Source cves: CVE-2024-43800 Source advisory: OSV:GHSA-CM22-4G7W-348P...
CVE-2024-43800
creationtimestamp | type | source
---|---|---
2024-09-10 18:25:08+00:00 | seen | https://t.me/cvedetector/5241...